Ransomware Group

MedusaLocker

Also known as: MedusaReborn, AKO Ransomware

Status: active • First seen: 2019-09 • 500+ known victims

MedusaLocker tricks employees with fake emails to get into company networks, then locks up all the files. It especially targets hospitals and schools because they often pay quickly to get patient records and student data back.

Overview

MedusaLocker is a ransomware strain that primarily targets healthcare and education sectors through phishing emails and RDP exploitation. It uses AES-256 and RSA-2048 encryption and often spreads laterally through networks.

Target Industries

Healthcare, Education, Manufacturing, Legal Services

How They Attack

  • Phishing emails
  • RDP brute force
  • Lateral movement via SMB
  • Batch script encryption

Notable Victims

Multiple healthcare providers (2020), Educational institutions (2021)

How to Protect Against MedusaLocker

  1. Block malicious email attachments at the gateway
  2. Disable RDP or secure it behind a VPN with MFA
  3. Maintain offline backups of critical systems
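The RDP brute-force vector listed above (T1021.001) is visible in Windows Security logs as bursts of failed logons (Event ID 4625) with LogonType 10 (RemoteInteractive). The following detection script is an added example, not code from this page or from any vendor; the log lines are constructed samples with documentation-range IP addresses, flattened to one line per event.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events, one per line.
# EventID 4625 = failed logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2024-05-01T02:14:03 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2024-05-01T02:14:05 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2024-05-01T02:14:08 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.45
2024-05-01T02:14:11 EventID=4625 LogonType=10 TargetUser=helpdesk SourceIP=203.0.113.45
2024-05-01T02:14:14 EventID=4625 LogonType=10 TargetUser=sqlsvc SourceIP=203.0.113.45
2024-05-01T02:14:17 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2024-05-01T02:20:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2024-05-01T02:20:30 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2024-05-01T02:25:00 EventID=4625 LogonType=3 TargetUser=svc_print SourceIP=192.0.2.9
2024-05-01T02:25:01 EventID=4625 LogonType=3 TargetUser=svc_print SourceIP=192.0.2.9
2024-05-01T02:25:02 EventID=4625 LogonType=3 TargetUser=svc_print SourceIP=192.0.2.9
2024-05-01T02:25:03 EventID=4625 LogonType=3 TargetUser=svc_print SourceIP=192.0.2.9
2024-05-01T02:25:04 EventID=4625 LogonType=3 TargetUser=svc_print SourceIP=192.0.2.9
"""

def parse_event(line):
    """Split one flattened event line into a dict of its key=value fields."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def rdp_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: total_rdp_failures} for every source that produced
    at least `threshold` failed RDP logons inside any sliding `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_event(line)
        if rec["EventID"] == "4625" and rec["LogonType"] == "10":
            failures[rec["SourceIP"]].append(rec["ts"])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

With the defaults, only 203.0.113.45 is flagged; the two failures from 198.51.100.7 look like a mistyped password, and the LogonType 3 burst from 192.0.2.9 is a network (non-RDP) logon and is intentionally ignored by this check.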

MITRE ATT&CK Techniques

T1566, T1021.001, T1486, T1059.003

Related Groups

Medusa, Phobos
