Medusa group steps up ransomware activities


He added that the group doesn’t have a code of ethics, as some groups claim to have. “Throughout 2023, we saw the group compromise multiple school districts and publish highly sensitive information about students,” Santos says.

Medusa uses initial access brokers for network access

Other distinctions include Medusa having its own media and branding team, focusing on exploiting internet-facing vulnerabilities, and using initial access brokers (IABs) to gain access to systems. “Initial access brokers provide threat actors with valet access to the front door of an organization,” Galiette explains. “While there’s a cost associated with it, leveraging these groups has proven very lucrative in the past.”

“Overall,” Galiette adds, “we’re seeing the more active or advanced ransomware groups leverage initial access brokers. The smaller or emerging ransomware groups don’t necessarily have the capital to leverage IABs in the same way.”

The group is also into double ransoms. “The use of a double ransom is notable for Medusa, where they leverage one ransom to decrypt the encrypted parts of an environment and a separate extortion demand to prevent leaking stolen data from their victims onto the larger internet,” says Steve Stone, head of Rubrik Zero Labs, the cybersecurity research unit of Rubrik, a global data security and backup software company.

Indiscriminate targeting a universal threat posed by ransomware actors

The emergence of the Medusa ransomware in late 2022 and its notoriety in 2023 marks a significant development in the ransomware landscape, the Unit 42 report noted. This operation showcases complex propagation methods, leveraging both system vulnerabilities and initial access brokers, while adeptly avoiding detection through living-off-the-land techniques.

The Medusa Blog signifies a tactical evolution toward multi-extortion, with the group employing transparent pressure tactics on victims through ransom demands publicized online, it continued. With 74 organizations across a spectrum of industries affected to date, Medusa’s indiscriminate targeting emphasizes the universal threat posed by such ransomware actors.
