medusalocker
Ransomware group profile
Description
Medusa is a ransomware group known for its targeted attacks on various sectors, particularly healthcare and finance. Using advanced encryption and double extortion tactics, the group demands ransoms while threatening to release stolen data. Medusa is distinctive for its public pressure tactics and its use of affiliates to conduct its operations.
Key insights
- Medusa employs sophisticated techniques including advanced encryption algorithms and obfuscation methods.
- They primarily target healthcare and financial sectors but have also begun exploiting supply chains through compromised managed service providers.
- The group utilizes double extortion methods, encrypting data and threatening to release sensitive information if the ransom is not paid.
- Medusa has been linked to other ransomware groups and operates on a ransomware-as-a-service model.
- Their initial access often comes from phishing campaigns, exploiting software vulnerabilities, and unsecured RDP connections.
- Medusa has a notable presence on public channels to pressure victims, under aliases associated with their operations.
Threat Level & Status Breakdown
For medusalocker · Based on incidents in selected period
Recent activity
Monthly attack count for medusalocker in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for medusalocker
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for medusalocker
- T1486
- T1490
- T1071
- T1041
- T1562
- T1203
- T1080
- T1021
- T1059
- T1078
- T1547
- T1021.001
Victims (38)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| dolrad | — | — | — | Claimed | 6 days ago |
| Mairie Thiverval Grignon | — | FR France | Government & Defense | Claimed | 6 days ago |
| sitgroup | — | IT Italy | — | Claimed | 7 days ago |
| BAEAOAI | — | — | — | Claimed | 8 days ago |
| BAKAXAH | — | — | — | Claimed | 8 days ago |
| BAEAXAI | — | — | — | Claimed | 8 days ago |
| T Online | — | — | — | Claimed | 10 days ago |
| FunkeScheid | — | — | — | Claimed | 10 days ago |
| Dadolighting | — | — | Manufacturing | Claimed | 10 days ago |
| Sgs Gmbh | — | — | Other | Claimed | 13 days ago |
| Karneslegal | — | US United States | Professional Services | Claimed | 16 days ago |
| BATAZAI | — | — | — | Claimed | 16 days ago |
| Estrela | — | IN India | Technology | Claimed | 16 days ago |
| BARAAAI | — | — | — | Claimed | 22 days ago |
| BAPAMAI | — | — | — | Claimed | 24 days ago |
| BAUARAI | — | — | — | Claimed | 24 days ago |
| BAVADAI | — | — | — | Claimed | 26 days ago |
| BAVACAI | — | MY Malaysia | Professional Services | Claimed | 26 days ago |
| baralai | — | — | — | Claimed | 26 days ago |
| BAVAQAI | — | — | — | Claimed | 26 days ago |
Affected countries (76)
Countries where this group has been reported to target or leak victims.