Medusa ransomware infects 300+, uses 'triple extortion'
Briefly

A recent advisory from the FBI, CISA, and MS-ISAC highlights the evolving tactics of the Medusa ransomware gang, which now requires victims to make three ransom payments. This globe-spanning ransomware-as-a-service operation recruits affiliates to exploit vulnerabilities and launch attacks, primarily through phishing and unpatched software weaknesses. Their double extortion model involves not just demanding payment for decrypting data but also threatening to release stolen information. The advisory underscores the increasing sophistication of these cybercriminals and the urgent need for organizations to enhance their cybersecurity defenses.
If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours.
Uncle Sam's infosec agencies prefer to call those affiliates "Medusa actors." They're also sometimes labeled "initial access brokers" (IABs)...
The joint report...reminds us that Medusa is a globe-spanning ransomware-as-a-service (RaaS) operation that recruits third-party affiliates to plant ransomware and negotiate with victims.
Once Medusa miscreants get their ransomware running, they use a double extortion strategy that sees them demand payments to decrypt the scrambled data and to prevent its release.
Read at Theregister