Ransomware Intelligence

medusa

Ransomware group profile

85Victims
RussiaSource country
112Impact score
Also Known As
Spearwing

Description

Medusa is a ransomware group known for its targeted attacks on various sectors, particularly healthcare and finance. Utilizing advanced encryption and double extortion tactics, they demand ransoms while threatening to release stolen data. Medusa is distinctive for their public pressure tactics and employing affiliates to conduct their operations.

Key insights

  • Medusa employs sophisticated techniques including advanced encryption algorithms and obfuscation methods.
  • They primarily target healthcare and financial sectors but have also begun exploiting supply chains through compromised managed service providers.
  • The group utilizes double extortion methods, encrypting data and threatening to release sensitive information if the ransom is not paid.
  • Medusa has been linked to other ransomware groups and operates on a ransomware-as-a-service model.
  • Their initial access often comes from phishing campaigns, exploiting software vulnerabilities, and unsecured RDP connections.
  • Medusa has a notable presence on public channels to pressure victims, under aliases associated with their operations.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For medusa · Based on incidents in selected period

4.2threat level
Aggressiveness8/ 10
Lethality0.9/ 10
Criticality3.7/ 10

Status Breakdown

Data Leaked25.9%22
Claimed55.3%47
First seenJun 2025
Last seenApr 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 2, 2026

Recent activity

Monthly attack count for medusa in the selected period

85Total attacks
18peak in Oct
7.7avg / month
↓ 4 vs first month
JunJulAugSepOctNovDecJanFebMarApr05101520

Intelligence

IOCs, YARA/Sigma rules, and related families for medusa

  1. ac7741bca86793d28659b358f734a65e
  2. 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
  3. 8e846ed965bbc0270a6f58c5818e039ef2fb78def4d2bf82348ca786ea0cea4f
  4. 50520639cf77df0c15cc95076fac901e3d04b708
  5. f0ac3999d4020cd051052a0627a2056d
  6. 84828f31d741f92ce4bca98cfc2148ff8cff6663e2908a025b1386dd4953ffef
  7. 632be2363c7a13be6d5ce0dca11e387bd0a072cc962b004f0dcf3c1f78982a5a
  8. 9c1a0a6ebf3184a621cd5509f937cdd1c04c52316bc94eaaf8328b4873b303f0
  9. a57f84e3848ab36fd59c94d32284a41e
  10. 5ff8acd652cc134b84213865aa3f74667c09a331cfa9affd2a2668ce78751516
  11. 468121e7d6952799f92940677268937c4c5f92ed
  12. c58704219d39b0e4484d4df0e244c726
  13. 9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26
  14. 841ec2dec944964fc54786a1167713ff
  15. 721af117726af1385c08cc6f49a801f3cf3f057d9fd26fcec2749455567888e7
  16. 296d28eb7b66aa2cbea7d9c2e7dc1ad6ce6f97d44d34139760c38817aec083e7
  17. bfc17da86d6ae78228a232244157449eee1a6644
  18. 3037049411db0453c91e60393a248be2
  19. 65233da43bb5dfc9e0a7db7576c064f37efa6effcaf48fc60f7ab339f9ce03f9
  20. c53c93a445d751387eb167e5a2b901da
  21. 816013f665dc689fa9ad81762638d5ed3b7e9ccd
  22. 3a8a60416b7b0e1aa5d17eefb0a45a16
  23. 270c3354b3ee2940b499e365eaba143fba9d458f434dc38e663dc0f08e96121e
  24. 9b04a93e05ccff94667f04bffa7af600
  25. 5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2
  26. eeb830e36bc2ecc226ee8d13e37c1a39
  27. 374ef83de2b254c4970b830bb93a1dd79955945d24b824a0b35636e14355fe05
  28. b7703a59c39a0d2f7ef6422945aaeaaf061431af0533557246397551b8eed505
  29. f800e95135a980cc5762da3cbc13b566
  30. d9390bbbc6e399a388ac6ed601db4406eeb708f3893a40f88346ee002398955c
  31. 827d8ae502e3a4d56e6c3a238ba855a7
  32. 1cc2d1f2a991c19b7e633a92b1629641c019cdeb
  33. 1b7aee68f384e252286559abc32e6dd1
  34. 4e152dacab201c5bf5c22c93e31e9475
  35. b0fa846e8dfc50a7557a55ad8a65f8263927467b7111c49d56e47eaf403ace42
  36. f9c6dca22e336cf71ce4be540905b34b5a63a7d02eb9bbd8a40fc83e37154c22
  37. 8a4928ac9089adc4a153741d2f1c784a
  38. a53a9ca8a074c7108f8412c3f8c1fc5d
  39. 330ddac1f605ff8abf60880c584ed797
  40. 466dafa82a4460dcad722d2ad9b8ca332e9a896fc59f06e16ebe981ad3838a6b
  41. 74c2a7527b5ae4efb20631867d871ceb28a56c8bd5bd545739c3bbbc1755414f
  42. e57ba1a4e323094ca9d747bfb3304bd12f3ea3be5e2ee785a3e656c3ab1e8086
  43. 651846e962ea48d797af4c81828f2badee5efc14e10ac75b003f90da82ad64f8
  44. eb67db00facad9154b98292b91908f051befdab6d7dd6b08f408f763af4c805b
  45. 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
  46. 2173b43a66070aadf052ab66dd6933ce
  47. 0e43a0f747a60855209b311d727a20bf
  48. 2716c60c28cf7f7568f55ac33313468b
  49. 050dbd816c222d3c012ba9f2b1308db8e160e7d891f231272f1eacf19d0a0a06
  50. 6b05a1e9faf5b77bad1826bacf322b24
  51. 107d1f6cab03e59229ca6951cc1fa29b3900115a2805a5a599b24cc48e7ba7af
  52. a97a28276e4f88134561d938f60db495
  53. 62bed88bd426f91ddbbbcfcd8508ed6a
  54. cb1280f6e63e4908d52b5bee6f65ec63
  55. 4a9dde3979c2343c024c6eeeddff7639be301826dd637c006074e04a1e4e9fe7
  56. ed241c92f9bc969a160da2c4c0b006581fa54f9615646dd46467d24fe5526c7a
  57. bcd952d2995d187c5a87ec0e03b638e02d7157b9a01d4e7c28ce7a6d6b28ac42
  58. 54de95cc33834a2f877ba4842860af27
  59. ac0dce3b0f5b8d187a2e3f29efc358538fd4aa45
  60. 76000c77ea9a214f5b2ae8cc387809db
  61. 91416e90b03e799bcbde19adac80e846639716e138ea7fd3504772ad2c21f371
  62. 9e82ee5bde6b5d29281a3c280e6d1f2e
  63. 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce
  64. 4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6
  65. 9ea86dccd5bbde47f8641b62a1eeff07
  66. 4bace6e0b61f5169bb0ca7f48c38aea2
  67. 91025d6f02e542f2e37ffce7d0ce8b51
  68. b4f9e77ce3bc44b5418d82f645cdcb4cf149e6d9204bb876c30f7038498759af
  69. d58e06727c551756cbee1fc6539929553a09878b
  70. 3c7480998ade344b74e956f7d3a3f1a989aaf43446163a62f0a8ed34b0c010d0
  71. c9f2476bf8db102fea7310abadeb9e01
  72. 14296b21c6e2ba9d56759e2da4b09f58148852ddeefa8fb76a838a30871679a7
  73. 5022495104c280286e65184e3164f3f248356d065ad76acef48ee2ce244ffdc8
  74. 2f578cb0d97498b3482876c2f356035e3365e2c492e10513ff4e4159eebc44b8
  75. 457a2a8d0784e9fc8e49f6ef60f7f29e
  76. 01735bb47a933ae9ec470e6be737d8f646a8ec66
  77. 87e8230a9ca3f0c5ccfa56f70276e2f2
  78. 99a16ad0480bfa00adc470c6ccfa81e993023425
  79. 6502e8d9c49cc653563ea75f03958900543430be7b9c72e93fd6cf0ebd5271bc
  80. ffa73b9f9e650f50b8568a647a9a35cf
  81. dd2db9bfa45002375af028ac00ca1b5e0c1db30a116c21cac2b4c75cb4ff9aec
  82. b16e217cdca19e00c1b68bdfb28ead53b20adeabd6edcd91542f9fbf48942877
  83. c2e9fbca414575d5c080d97f378024a4d131d6e1262112aebaa96eafa3592381
  84. 2c89a18944d3a895bd6432415546635e
  85. fd3834d566a993c549a13a52d843a4e1
  86. 646077aaf1ced1b32ae6519beced080f
  87. 992cb5a753697ee2642aa390f09326fcdb7fd59119053d6b1bdd35d47e62f472
  88. d8a44d2ed34b5fee7c8e24d998f805d9
  89. 8ea420d9aa341ba23cdea0ac03951bce866c933ba297268bc7db8a01ce8e9b8e
  90. 6ee94f6bdc4c4ed0fff621fec36c70ff093659ed
  91. 682389250d914b95d6c23ab29dffee11cb65cae9
  92. f4062e52461b38ad9d9a4c936ed916f728968e85325c565233de4418f7e86dc6
  93. d419a9b17f7b4c23fd4e80a9bce130d2a13c307fccc4bfbc4d49f6b770d06d3b
  94. 20e3a0955baca4dc7f1f36d3b865e632474add77
  95. da92fc812b84137cef1571fb6c0285f0
  96. e2a24ab94f865caeacdf2c3ad015f31f23008ac6db8312c2cbfb32e4a5466ea2
  97. cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e
  98. 2f37912e7cb6e5c478e6dc3d0e381a24
  99. d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee
  100. b85ed15756568b85148c1d432a8920f81e4b21f2bc38f0cf51d06ced619e0e77
  101. 59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
  102. 20e1a0e96a210117dd728821dec8742ccfa5213d75e818c80d5bcc5aa8e91afc
  103. 1006fd38218b6769b39247e7306225b1cd001127
  104. a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2
  105. 0299e3c2536543885860c7b61e1efc3f
  106. e078778b62796bab2d7ab2b04d6b01bf
  107. 45de4b0457b2244f810d2793226f0ec27f252a35
  108. 8bcbf1c43d0550e4b8048137fbed5a7ab3c44ae4
  109. e889544aff85ffaf8b0d0da705105dee7c97fe26
  110. 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
  111. 78147d3be7dc8cf7f631de59ab7797679aba167f82655bcae2c1b70f1fafc13d
  112. 47ec51b5f0ede1e70bd66f3f0152f9eb536d534565dbb7fcc3a05f542dbe4428
  113. be6c46239e9c753de227bf1f3428e271
  114. d7b487d2e840c4546661f497af0195614fc0906c03d187dc39815c811ea5ec3f
  115. a4839090ffea89bc9c9223d1f9cdeff2
  116. d8e8eb2714c91b9968ffd409f771e7e1
  117. 3ccb77a10497a32efcaa42ac646ca6cf
  118. 2ffe59a6a047b2333a1f3eb58753f3bc
  119. bc65ed919988c8e4b8f5a1cd371745456601700a
  120. 5d6b9e80e12bfc595d4d26f6afb099b3cb471dd4
  121. 6f76505a91c91c29238f0ed70b369417
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for medusa

CVE-2026-23760
CVE-2026-1731
CVE-2025-52691
CVE-2025-47176
CVE-2025-47171
CVE-2025-31324
CVE-2025-31161
CVE-2025-10035
CVE-2024-27199
CVE-2024-27198
CVE-2024-21887
CVE-2024-1709
CVE-2024-1708
CVE-2023-5129
CVE-2023-5009
CVE-2023-4966
CVE-2023-48788
CVE-2023-46805
CVE-2023-46748
CVE-2023-46747
CVE-2023-46604
CVE-2023-40044
CVE-2023-38831
CVE-2023-38035
CVE-2023-3519
CVE-2023-34039
CVE-2023-27351
CVE-2023-27350
CVE-2023-22515
CVE-2023-21529
CVE-2023-20198
CVE-2023-20109
Discovery

T1083

File and Directory Discovery

T1135

Network Share Discovery

Execution

T1047

Windows Management Instrumentation

T1059

Command and Scripting Interpreter

Impact

T1486

Data Encrypted for Impact

T1489

Service Stop

T1490

Inhibit System Recovery

Victims(123)

CompanyDomainCountryIndustryStatusDiscovered
dolrad
Claimed
6 days ago
Mairie Thiverval GrignonFR FranceGovernment & Defense
Claimed
6 days ago
sitgroupIT Italy
Claimed
7 days ago
BAEAOAI
Claimed
8 days ago
BAKAXAH
Claimed
8 days ago
BAEAXAI
Claimed
8 days ago
FunkeScheid
Claimed
10 days ago
T Online
Claimed
10 days ago
DadolightingManufacturing
Claimed
10 days ago
Sgs GmbhOther
Claimed
13 days ago
KarneslegalUS United StatesProfessional Services
Claimed
16 days ago
BATAZAI
Claimed
16 days ago
EstrelaIN IndiaTechnology
Claimed
16 days ago
BARAAAI
Claimed
22 days ago
BAPAMAI
Claimed
24 days ago
BAUARAI
Claimed
24 days ago
BAVADAI
Claimed
26 days ago
baralai
Claimed
26 days ago
BAVACAIMY MalaysiaProfessional Services
Claimed
26 days ago
BAVAQAI
Claimed
26 days ago

Page 1 of 7

Affected countries(76)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇬Antigua and Barbuda🇦🇲Armenia🇦🇴Angola🇦🇷Argentina🇦🇺Australia🇧🇦Bosnia and Herzegovina🇧🇩Bangladesh🇧🇪BelgiumBolivia, Plurinational State of🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇨🇾Cyprus🇨🇿Czech Republic🇩🇪Germany🇩🇴Dominican Republic🇩🇿Algeria🇪🇪Estonia🇪🇬Egypt🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇪GeorgiaGuernseyGuadeloupe🇭🇷Croatia🇭🇺Hungary🇮🇩Indonesia🇮🇪Ireland🇮🇱Israel🇮🇳IndiaIran, Islamic Republic of🇮🇹Italy🇯🇲Jamaica🇯🇴Jordan🇯🇵Japan🇰🇪Kenya🇱🇧Lebanon🇲🇦Morocco🇲🇬MadagascarMacao🇲🇽Mexico🇲🇾Malaysia🇳🇬Nigeria🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇵🇪PeruFrench Polynesia🇵🇬Papua New Guinea🇵🇭Philippines🇵🇰Pakistan🇵🇹Portugal🇵🇾Paraguay🇷🇸SerbiaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇰Slovakia🇸🇳Senegal🇹🇭Thailand🇹🇴Tonga🇹🇷Turkey🇹🇹Trinidad and TobagoTaiwan, Province of China🇺🇸United StatesVenezuela, Bolivarian Republic of🇿🇦South Africa🇿🇼ZimbabweGlobal