Medusa Ransomware Is Turning Unpatched Systems To Stone

The cybercriminals behind Medusa ransomware increased their activity after a website dedicated to leaked data appeared on the dark web about a year ago.

Medusa is a ransomware family that became prominent in 2023 and targets a wide range of industries. Cybercriminals have infected at least 74 organizations with Medusa ransomware.

Cybercriminals publish the sensitive data of ransomware victims who do not meet their demands on their websites. The gangs pressure victims by posting "information about the organizations, ransom demanded, the amount of time left before the stolen data is released publicly, and the number of views in a bid."

According to researchers at Palo Alto Networks Unit 42, the Medusa group's "multi-extortion strategy" gives victims options with different price tags, such as "time extension, data deletion or download of all the data," after they post the victim's data on the site.

The ransomware group exploits "internet-facing assets or applications with known unpatched vulnerabilities" to gain access to networks, then launches the ransomware to "enumerate and encrypt all files" other than those associated with the ransomware itself. Medusa malware uses "living-off-the-land (LotL) techniques" to avoid detection. Source: "Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion," thehackernews.com (Jan. 12, 2024).

Commentary

This dangerous type of ransomware targets organizations that have "internet-facing assets or applications with known unpatched vulnerabilities." This highlights the importance of keeping all devices with network access patched with the latest updates.

Require employees to set all work devices to update operating systems and applications automatically or have your IT department set all devices to update automatically before providing them to employees.

Consider prohibiting employees from using personal devices to access your network. If employees must use personal devices, require them to install any updates as soon as they are available. Emphasize that cybercriminals can exploit a single unpatched device to infect the entire organization with ransomware.

State that employees who knowingly violate your cybersecurity policy will face disciplinary action as outlined in your written policy. However, make it clear that employees will not be disciplined for reporting suspicious internet activity, as doing so is essential for your IT department to identify a threat from malware.
