Tag Archive for: Boulevard

Security Bloggers Network – Security Boulevard


BSidesSF 2023 – Eliad Kimhy – The History Of Ransomware: From Floppies To Droppers, And Beyond – Security Boulevard


Medusa Ransomware – Security Boulevard


Threat Description – Medusa Ransomware

Medusa Ransomware is a variant believed to have emerged in June 2021 that has become increasingly prolific of late. While “Medusa” has been commonly used in the names of other ransomware, malware, and botnets, it is distinct from its similarly named competitors (such as MedusaLocker). The ransomware claims to exfiltrate data from compromised organizations in order to carry out a “double-extortion attack”: a type of attack in which the threat actor not only encrypts compromised systems but also sells or publicly releases the exfiltrated data if the ransom is not paid. Medusa Ransomware appends the .MEDUSA file extension to the files it encrypts. Medusa Ransomware is considered an active threat, and thus poses a significant and present risk that should be assessed and prepared for.

Threat Synopsis

Medusa Ransomware is a human-operated ransomware that was first observed in June 2021, and has recently come into the spotlight after a series of successful and high-profile attacks on corporate victims, including the Minneapolis Public School district. The group has demanded a $1 million ransom in exchange for the decryption key. Medusa Ransomware is distinct from other actors, malware, and ransomware that go by the same name, such as MedusaLocker or Medusa Botnet.

The ransomware shuts down over 280 Windows services and processes, including those for mail servers, backup servers, database servers, and security software, that could otherwise prevent files from being encrypted. Medusa then deletes Windows Shadow Volume Copies so they cannot be used to recover files. The ransomware encrypts files using AES-256 and RSA-2048 encryption via the BCrypt library, appends the .MEDUSA extension to encrypted file names, and creates a ransom note named !!!READ_ME_MEDUSA!!!.txt in each folder containing information about what happened to the victim’s files. Medusa differs from the older MedusaLocker Ransomware in several ways, including the ransom note it leaves (“!!!READ_ME_MEDUSA!!!.txt”) and the file extension it uses for encrypted files (“.MEDUSA”).

The ransomware claims to exfiltrate data from…

Going Online With the OWASP Vulnerability Management Guide Working Group – Security Boulevard