Ransomware
Medusa Ransomware
First seen: 2019-09 • Status: active
Currently Active Threat
Medusa ransomware has been attacking hospitals, schools, and government offices for years. Its operators are aggressive with their ransom demands.
Overview
Medusa is a persistent ransomware operation known for attacking critical infrastructure including schools and hospitals.
Also Known As
MedusaLocker
How It Spreads
- RDP brute force
- Phishing
- Exploit kits
What It Does
- File encryption
- Data theft
- Double extortion
Target Platforms
Windows
Detection Tips
- Monitor for RDP brute force
- Watch for Medusa indicators
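One way to monitor for RDP brute force is shown below as an added example; it is not part of the original page. It counts Windows failed-logon events (Event ID 4625) per source address in a sliding window and escalates when a successful logon (4624) follows from the same address. The one-line log format, the sample events, the threshold and the window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp, Event ID, LogonType, source IP, account.
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive,
# 3 = Network (how RDP failures are logged when NLA is enabled).
SAMPLE_EVENTS = """\
2024-05-01T10:00:00 4625 3 203.0.113.7 administrator
2024-05-01T10:00:05 4625 3 203.0.113.7 admin
2024-05-01T10:00:09 4625 3 203.0.113.7 backup
2024-05-01T10:00:14 4625 3 203.0.113.7 svc_sql
2024-05-01T10:00:20 4625 3 203.0.113.7 administrator
2024-05-01T10:01:02 4624 10 203.0.113.7 administrator
2024-05-01T10:03:00 4625 10 198.51.100.20 jsmith
2024-05-01T10:30:00 4625 10 198.51.100.20 jsmith
2024-05-01T10:31:00 4624 10 198.51.100.20 jsmith
"""

REMOTE_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: "bruteforce" | "bruteforce_then_success"}.

    Assumes events are in chronological order.
    """
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] not in REMOTE_LOGON_TYPES:
            continue  # skip malformed lines and local/service logons
        ts, event_id, ip = datetime.fromisoformat(parts[0]), parts[1], parts[3]
        recent = failures[ip]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold:
                findings.setdefault(ip, "bruteforce")
        elif event_id == "4624" and ip in findings:
            # A success from an address already flagged is the urgent case.
            findings[ip] = "bruteforce_then_success"
    return findings

if __name__ == "__main__":
    for ip, verdict in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, verdict)
```

A single user mistyping a password twice (the second address in the sample) stays below the threshold and is not flagged.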
MITRE ATT&CK Techniques
T1486, T1567, T1110
If You're Infected
1. Disable RDP if possible
2. Implement RDP security controls