Medusa Ransomware Is Turning Unpatched Systems To Stone

The cybercriminals behind Medusa ransomware increased their activity after a website dedicated to leaked data appeared on the dark web about a year ago.

Medusa is a ransomware family that became prominent in 2023 and targets a wide range of industries. Cybercriminals have infected at least 74 organizations with Medusa ransomware.

Cybercriminals publish the sensitive data of ransomware victims who do not meet their demands on their websites. The gangs pressure victims by posting "information about the organizations, ransom demanded, the amount of time left before the stolen data is released publicly, and the number of views in a bid."

According to researchers at Palo Alto Networks Unit 42, the Medusa group's "multi-extortion strategy" gives victims options with different price tags, such as "time extension, data deletion or download of all the data," after they post the victim's data on the site.

The ransomware group exploits "internet-facing assets or applications with known unpatched vulnerabilities" to access networks and then launches the ransomware to "enumerate and encrypt all files" except those associated with the ransomware itself. Medusa malware uses "living-off-the-land (LotL) techniques" to avoid detection. "Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion" thehackernews.com (Jan. 12, 2024).

Commentary

This dangerous type of ransomware targets organizations that have "internet-facing assets or applications with known unpatched vulnerabilities." This highlights the importance of keeping all devices with network access patched with the latest updates.

Require employees to set all work devices to update operating systems and applications automatically, or have your IT department configure all devices to update automatically before providing them to employees.
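As an added example (not part of the original article, and not tooling from the researchers it cites), the following POSIX shell script shows how an IT department could verify the "update automatically" requirement on Debian or Ubuntu hosts. It reads the apt periodic configuration file that unattended-upgrades uses (the standard path /etc/apt/apt.conf.d/20auto-upgrades) and reports whether both the package-list refresh and unattended upgrades are switched on. The two sample configuration files are constructed inline so the check can be demonstrated offline; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: audit whether a Debian/Ubuntu host is configured to apply
# updates automatically via unattended-upgrades. The apt periodic settings
# live in /etc/apt/apt.conf.d/20auto-upgrades as lines such as
#   APT::Periodic::Unattended-Upgrade "1";
# A FILE argument lets the check run against a constructed sample instead.

# apt_periodic_value FILE KEY -> prints the numeric value of the KEY
# directive, or "0" when the directive is absent (apt's default is off).
apt_periodic_value() {
    file="$1"
    key="$2"
    val=$(grep -E "^[[:space:]]*APT::Periodic::${key}[[:space:]]+\"[0-9]+\"" "$file" 2>/dev/null \
          | tail -n 1 | sed -E 's/.*"([0-9]+)".*/\1/')
    printf '%s' "${val:-0}"
}

# check_auto_updates [FILE] -> prints "enabled" when both the package-list
# refresh and unattended upgrades are non-zero (a value such as "7" means
# every seven days and still counts as on), otherwise "disabled".
check_auto_updates() {
    file="${1:-/etc/apt/apt.conf.d/20auto-upgrades}"
    lists=$(apt_periodic_value "$file" "Update-Package-Lists")
    upgrade=$(apt_periodic_value "$file" "Unattended-Upgrade")
    if [ "$lists" != "0" ] && [ "$upgrade" != "0" ]; then
        printf 'enabled'
    else
        printf 'disabled'
    fi
}

# Constructed sample configurations (not real host state) for demonstration.
SAMPLE_ON=$(mktemp)
cat > "$SAMPLE_ON" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

SAMPLE_OFF=$(mktemp)
cat > "$SAMPLE_OFF" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
EOF

echo "sample with upgrades on:  $(check_auto_updates "$SAMPLE_ON")"
echo "sample with upgrades off: $(check_auto_updates "$SAMPLE_OFF")"
echo "this host:                $(check_auto_updates)"
```

Run it without arguments on a managed host to see the real setting; a missing file is reported as "disabled" rather than silently passing, which is the safer default for a compliance check. Other platforms need their own equivalent (for example, Windows Update or macOS software update settings), which this example does not cover.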

Consider prohibiting employees from using personal devices to access your network. If employees must use personal devices, require them to install any updates as soon as they are available. Emphasize that cybercriminals can exploit a single unpatched device to infect the entire organization with ransomware.

State that employees who knowingly violate your cybersecurity policy will face disciplinary action as outlined in your written policy. However, make it clear that employees will not be disciplined for reporting suspicious internet activity, as doing so is essential for your IT department to identify a threat from malware.
