He added that the group doesn’t have a code of ethics, as some groups claim to have. “Throughout 2023, we saw the group compromise a number of school districts and publish highly sensitive information about students,” Santos says.
Medusa uses initial access brokers for network access
Other distinctions include Medusa having its own media and branding team, specializing in exploiting internet-facing vulnerabilities, and using initial access brokers (IABs) to gain access to systems. “Initial access brokers provide threat actors with valet access to the front door of an organization,” Galiette explains. “While there’s a cost associated with it, leveraging these groups has proven very successful in the past.”
“Overall,” Galiette adds, “we’re seeing the more active or advanced ransomware groups leverage initial access brokers. The smaller or emerging ransomware groups don’t necessarily have the capital to leverage IABs in the same way.”
The group is also into double ransoms. “The use of a double ransom is notable for Medusa, where they leverage one ransom to decrypt the encrypted portions of an environment and a separate extortion demand to prevent leaking stolen data from their victims onto the broader internet,” says Steve Stone, head of Rubrik Zero Labs, the cybersecurity research unit of Rubrik, a global data security and backup software company.
Indiscriminate targeting a universal threat posed by ransomware actors
The emergence of the Medusa ransomware in late 2022 and its notoriety in 2023 marks a significant development in the ransomware landscape, the Unit 42 report noted. The operation showcases complex propagation methods, leveraging both system vulnerabilities and initial access brokers, while adeptly avoiding detection through living-off-the-land techniques.
The Medusa Blog signifies a tactical evolution toward multi-extortion, with the group employing transparent pressure tactics on victims through ransom demands publicized online, it continued. With 74 organizations across a spectrum of industries affected so far, Medusa’s indiscriminate targeting emphasizes the universal threat posed by such ransomware actors.