How Medusa Ransomware works

B2B Cyber ​​Security ShortNews

Share post

Research team Unit 42 has released a new research report on the Medusa ransomware gang, revealing the threat actors' tactics, tools and procedures.

Unit 42 noted an escalation in Medusa ransomware operations and a shift in tactics toward extortion, marked by the launch of a dedicated leak site (DLS) called Medusa Blog in early 2023. Medusa threat actors use this website to publish sensitive data of victims who are unwilling to meet their ransom demands. As part of their multi-extortion strategy, this group offers victims multiple options when their data is published on the leak site, such as time extension, data deletion or downloading all data. All of these options come at a price depending on which organization is affected by this group.

In addition to their strategy of using an onion site for extortion, Medusa threat actors also deploy a public Telegram channel called “Information Support,” where files from compromised organizations are publicly shared and are more easily accessible than on traditional onion sites.

Insights into Medusa ransomware

  • Introducing the new Medusa blog, accessible via TOR and released in early 2023 to expose sensitive data of victims who are unwilling to respond to their ransom demands.
  • The operators offer the victims multiple options for paying the ransom if their data is published to their DLS. For example, a standard fee for a time extension to prevent data from being published on their blog is $10.000.
  • Medusa is opportunistic and targets a wide range of industries including technology, education, manufacturing and healthcare. In 2023, 74 organizations worldwide were affected.
  • The group spreads its ransomware primarily by exploiting vulnerable services or publicly accessible assets or applications with known unpatched vulnerabilities and hijacking legitimate accounts, often using initial access intermediaries for infiltration.
  • The group uses a public Telegram channel called “Information Support,” which shares files from compromised organizations and is more accessible than traditional onion sites.
More at


About Palo Alto Networks

Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more