
Medusa Ransomware Won't Stop
Tags: Medusa, Ransomware, win.medusa, medusalocker, BAT, PowerShell
The Medusa ransomware operation became active in June 2021, according to Bleeping Computer, but it gained significant momentum in 2023, targeting corporate victims worldwide with multimillion-dollar ransom demands. During this recent rise the gang increased its leverage by launching a "Medusa Blog", a leak site that attracts media attention by publishing data from victims who refuse to pay the ransom.
Indicators of Compromise
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
REMEDIATIONS
How to protect yourself from ransomware infections
Double-check any suspicious emails, especially those sent from unknown addresses, and be wary of the attachments or links they contain. Download software only from official pages and stores; avoid opening downloads obtained from shady pages, third-party downloaders, or P2P networks, and do not click suspicious links.
Do not trust advertisements on dubious pages, and keep your operating system and installed programs up to date. Regularly scanning your computer for threats with reputable antivirus software can also help prevent and detect ransomware infections.
Observed Countries (29)
AE (489)
AR (644)
BE (377)
BF (511)
BI (674)
BJ (126)
CA (564)
CI (846)
CN (287)
CY (394)
DE (987)
DJ (671)
ES (765)
FR (253)
GB (456)
GH (181)
GN (959)
IT (78)
KE (729)
MG (302)
ML (174)
NE (663)
NL (840)
RW (977)
SN (959)
TG (957)
TZ (434)
UG (265)
ZM (835)