Ransomware, Threat Management, Malware
Medusa ransomware gaining traction
BleepingComputer reports that the Medusa ransomware operation has been ramping up activity this year after a slow start in June 2021, with its claimed attack against Minneapolis Public Schools helping it gain media attention.
Despite similarities in name, the Medusa and MedusaLocker ransomware groups are different entities that both use a Tor website for ransom negotiations but have distinct ransom notes, encryption methods, and file extensions for encrypted files.
Medusa's Windows encryptor was discovered to accept command-line options enabling the file encryption process. More than 280 Windows services and processes are being terminated by the Medusa ransomware in a run without command line arguments, with the ransomware also having the ability to erase Windows Shadow Volume Copies to hinder file recovery.
Medusa ransomware also executes a specific command to erase backup program-related locally stored files, as well as virtual machines' virtual disk hard drives in an effort to curb file restoration.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds