TLDR: The Medusa ransomware group has recently intensified its activities, launching a new leak blog where the group posts stolen data and threatens to expose it if victims do not comply with its ransom demands. For each victim, the blog displays a countdown to the time the data will be made public, along with the price for deleting the data and the price of a time extension. In addition to the blog, Medusa has also established a public Telegram channel for exposing stolen files. The group has shown a particular interest in targeting the healthcare sector, which is known for weak cybersecurity practices and underinvestment in security.
One distinguishing factor of the Medusa group is its use of initial access brokers (IABs) to obtain access to victim systems. The group also has its own media and branding team and focuses on exploiting internet-facing vulnerabilities. Medusa has been successful with a double-ransom (double-extortion) strategy: victims are pressured to pay one ransom to decrypt their data and a second to prevent the stolen data from being leaked online. The group’s indiscriminate targeting across industries highlights the universal threat posed by ransomware actors.
The report from Palo Alto Networks’ Unit 42 emphasizes the increasing severity of the ransomware landscape and the need for organizations to adopt new technologies, such as AI, to provide adequate protection against evolving threats.