Ransomware Group

Medusa

Also known as: MedusaLocker variant

Status: active • First seen 2021-06 • 200+ known victims

Medusa attacks schools and hospitals, stealing student and patient data. They threaten victims three ways: encryption, data leaks, and denial-of-service attacks.

Overview

Medusa has attacked educational institutions including Minneapolis Public Schools. The group uses triple extortion, threatening DDoS attacks alongside data leaks.

Target Industries

Education, Healthcare, Government, Technology

How They Attack

  • RDP exploitation
  • Triple extortion
  • PowerShell abuse
  • Education targeting

Notable Victims

Minneapolis Public Schools (2023), Healthcare systems

How to Protect Against Medusa

  1. Secure RDP access
  2. Protect student and patient data
  3. Implement school district security

MITRE ATT&CK Techniques

T1021.001, T1059.001, T1486, T1567

Related Groups

Medusa Locker
