Medusa Ransomware: A Growing Threat with a Bold Online Presence
Sept. 18, 2024, 9 a.m.
Description
Medusa is a prominent ransomware group that emerged in 2023 and targets sectors such as healthcare, manufacturing, and education across multiple countries. Unlike most ransomware operators, Medusa maintains a presence on both the dark web and the surface web, including social media platforms. The group runs a ransomware-as-a-service model; it attacked 145 victims in 2023 and is projected to exceed 200 victims by the end of 2024. Its tactics include exploiting vulnerabilities in public-facing applications, abusing compromised remote management tools, and employing sophisticated defense evasion techniques. The group's unusual online presence, including connections to 'OSINT Without Borders', has drawn attention from cybersecurity analysts. Despite its bold approach, Medusa has experienced operational setbacks, which point to weaknesses in its strategy.
Date
Published: Sept. 18, 2024, 8:30 a.m.
Created: Sept. 18, 2024, 8:30 a.m.
Modified: Sept. 18, 2024, 9 a.m.
Indicators
Attack Patterns
Medusa Ransomware
Medusa
T1003.001 (OS Credential Dumping: LSASS Memory)
T1569.002 (System Services: Service Execution)
T1021.001 (Remote Services: Remote Desktop Protocol)
T1059.001 (Command and Scripting Interpreter: PowerShell)
T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder)
T1562.001 (Impair Defenses: Disable or Modify Tools)
T1486 (Data Encrypted for Impact)
T1140 (Deobfuscate/Decode Files or Information)
T1190 (Exploit Public-Facing Application)
T1133 (External Remote Services)
T1078 (Valid Accounts)
CVE-2023-48788 (Fortinet FortiClient EMS SQL injection)
Additional Information
Targeted sectors:
Healthcare
Education
Finance
Government
Manufacturing
Targeted countries:
British Indian Ocean Territory
Portugal
Iran, Islamic Republic of
India
Australia
United Arab Emirates
Israel
United States of America