The Register: Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand

Source URL: https://www.theregister.com/2025/03/13/medusa_ransomware_infects_300_critical/
Source: The Register
Title: Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand

Feedly Summary: Feds warn gang still rampant and now cracked 300+ victims around the world
A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the gangs who wield it.…

AI Summary and Description: Yes

Summary: The text provides a detailed account of the Medusa ransomware operation, its tactics, and its impact on various sectors, highlighting the emerging threat of triple extortion in ransomware attacks. This information serves as a crucial alert for security and compliance professionals focused on strengthening defenses against evolving ransomware strategies.

Detailed Description: The analysis around the Medusa ransomware highlights not only the specific techniques employed by criminals but also the growing complexity of ransom demands and the implications they have for organizations. Key points include:

– **Ransomware-as-a-Service (RaaS)**: Medusa exemplifies a RaaS model where affiliates (or “Medusa actors”) perform initial system breaches for a share of the ransom.
– **Attack Methods**:
  – Credential-stealing phishing campaigns.
  – Exploiting unpatched vulnerabilities, notably CVE-2024-1709 and CVE-2023-48788.
– **Double Extortion Tactics**: Medusa actors employ a double extortion strategy, demanding payment for decryption and threatening to publish stolen data.
– **Triple Extortion Concerns**: Notably, a case was reported where a victim was contacted by a separate actor demanding a second ransom after initial payment, indicating possible coordination among actors.
– **Sector Impact**: As of early 2025, the Medusa ransomware has claimed at least 300 victims in critical infrastructure sectors like healthcare, education, and technology. The ransom demands show a wide range, from around $100,000 to $15 million.
– **Infection Techniques**: Medusa actors use common tools such as Remote Desktop Protocol for remote access, Mimikatz for credential dumping, and Rclone for data exfiltration, and are reported to employ “living off the land” techniques, using software already installed on the victim's systems for lateral movement across networks.
– **Prevention Recommendations**:
  – Maintain air-gapped backups of sensitive data.
  – Implement network segmentation to thwart lateral movement.
  – Employ multi-factor authentication and strong password practices.
  – Promptly patch vulnerabilities to minimize risk.
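The infection techniques listed above (RDP for lateral movement, Mimikatz for credential dumping, Rclone for exfiltration) are the kind of activity a detection team can hunt for in endpoint and logon telemetry. The following is an added example, not code from the advisory or from The Register: it runs three simple rules over constructed, key=value-normalised sample events (a format and rule names assumed here for illustration). The point it makes beyond the summary is that matching on behaviour (Mimikatz module names, an rclone transfer to a named remote, one account opening RDP sessions to many hosts) still fires when the binary has been renamed, whereas a file-name match alone would miss it.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the advisory): process-creation and
# logon records normalised to key=value, as a SIEM might emit them.
# The mk.exe record is a renamed credential-dumping tool; the rclone record
# copies a share to a named remote; the three logon_type=10 (RDP) logons by
# the same account fan out across three hosts.
SAMPLE_EVENTS = [
    r'ts=2025-03-13T01:02:03Z type=process host=WS01 user=CORP\jdoe image=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c whoami"',
    r'ts=2025-03-13T01:10:44Z type=process host=DC01 user=CORP\admin image=C:\Users\Public\mk.exe cmdline="mk.exe privilege::debug sekurlsa::logonpasswords exit"',
    r'ts=2025-03-13T01:15:09Z type=logon host=WS02 user=CORP\admin logon_type=10 src=10.0.5.20',
    r'ts=2025-03-13T01:16:31Z type=logon host=WS03 user=CORP\admin logon_type=10 src=10.0.5.20',
    r'ts=2025-03-13T01:17:58Z type=logon host=FS02 user=CORP\admin logon_type=10 src=10.0.5.20',
    r'ts=2025-03-13T01:20:12Z type=logon host=WS05 user=CORP\jdoe logon_type=10 src=10.0.7.3',
    r'ts=2025-03-13T01:25:40Z type=process host=FS02 user=CORP\admin image=C:\Temp\rclone.exe cmdline="rclone.exe copy D:\Finance remote:drop --transfers 8"',
]

# key=value pairs; a quoted value may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Hypothetical rule names, chosen for this example.
KNOWN_TOOL_IMAGES = {"rclone.exe", "mimikatz.exe"}
CMDLINE_RULES = [
    # Mimikatz module syntax survives renaming the executable.
    ("mimikatz_module", re.compile(r"sekurlsa::|lsadump::|privilege::debug", re.I)),
    # rclone copy/sync/move with a destination of the form <remote>:<path>
    # (a remote name of two or more characters, so a drive letter such as D: does not match).
    ("rclone_remote_transfer",
     re.compile(r"\brclone(?:\.exe)?\s+(?:copy|sync|move)\b.*\s[\w-]{2,}:\S*", re.I)),
]
RDP_LOGON_TYPE = "10"  # Windows logon type 10 = RemoteInteractive (RDP)


def parse_event(line):
    """Turn one key=value line into a dict, stripping quotes from quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def detect_tooling(events):
    """Flag known tool binaries by name and, independently, by command-line behaviour."""
    findings = []
    for ev in events:
        if ev.get("type") != "process":
            continue
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if image in KNOWN_TOOL_IMAGES:
            findings.append({"rule": "known_tool_image", "host": ev.get("host"),
                             "user": ev.get("user"), "detail": image})
        for rule, pattern in CMDLINE_RULES:
            if pattern.search(ev.get("cmdline", "")):
                findings.append({"rule": rule, "host": ev.get("host"),
                                 "user": ev.get("user"), "detail": ev.get("cmdline")})
    return findings


def detect_rdp_fanout(events, threshold=3):
    """Flag accounts that open RDP sessions to at least `threshold` distinct hosts."""
    hosts_by_user = defaultdict(set)
    for ev in events:
        if ev.get("type") == "logon" and ev.get("logon_type") == RDP_LOGON_TYPE:
            hosts_by_user[ev.get("user")].add(ev.get("host"))
    return [{"rule": "rdp_lateral_fanout", "host": ",".join(sorted(hosts)),
             "user": user, "detail": f"{len(hosts)} hosts"}
            for user, hosts in hosts_by_user.items() if len(hosts) >= threshold]


def run_detections(lines):
    """Parse raw lines and return all findings from both detectors."""
    events = [parse_event(line) for line in lines]
    return detect_tooling(events) + detect_rdp_fanout(events)


if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(f"[{finding['rule']}] user={finding['user']} host={finding['host']} :: {finding['detail']}")
```

Against the sample, the renamed mk.exe is caught only by the `mimikatz_module` rule, the rclone run is caught twice (by image name and by its transfer syntax), and the admin account's three RDP logons produce one fan-out finding; jdoe's single RDP logon and ordinary cmd.exe use produce nothing. The fan-out threshold would be tuned per environment against a baseline of legitimate administrative RDP use.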

This advisory serves as an important call to action for organizations to reassess their cybersecurity posture, especially in light of the increasing sophistication and tactics employed by ransomware groups like Medusa.