Summary: The Medusa ransomware gang has targeted over 300 victims within critical infrastructure sectors, including healthcare and education, according to U.S. cybersecurity agencies. Since its emergence in June 2021, it has employed basic attack methods such as phishing and exploiting unpatched vulnerabilities. The group's operations include extorting ransom payments and potentially executing multiple extortion schemes on victims.
Affected: Various organizations in critical infrastructure sectors including medical, education, legal, insurance, technology, manufacturing, and government bodies.
Keypoints:
- The Medusa ransomware gang has attacked over 300 victims across various sectors.
- Notable vulnerabilities exploited include CVE-2024-1709 and CVE-2023-48788.
- The group operates a ransomware-as-a-service model, recruiting affiliates for initial access to victims.
- One victim experienced a possible triple extortion scheme involving multiple ransom demands.
- High-profile attacks include those on Minneapolis Public Schools and municipalities in France.
- The FBI has clarified that this group is distinct from other Medusa variants and operates through negotiations controlled by its developers.
Source: https://therecord.media/medusa-ransomware-targeting-critical-infrastructure-orgs