Medusa ransomware – Threat Note

From Dark Reading – Medusa Rides Momentum From Ransomware-as-a-Service Pivot

Shifting to a RaaS business model has accelerated the group's growth, and targeting critical industries like healthcare, legal, and manufacturing hasn't hurt either. Read More

shaikh Saqib April 4, 2025

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in Review: March 28, 2025

In brief: Google patches a Chrome zero-day bug, MMC zero-day bug linked to EncryptHub attacks, and more. Read More

Samir K March 28, 2025

News

From The Hacker News – Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

shaikh Saqib March 27, 2025

News

From Security Week – Ransomware Groups Increasingly Adopting EDR Killer Tools

[[{"value":"ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software. The post Ransomware Groups Increasingly Adopting EDR Killer Tools…

shaikh Saqib March 27, 2025

Vulnerabilities

From Cybersecurity Help – Medusa ransomware uses malicious China-linked driver to disable security tools

The driver is designed to masquerade as a legitimate CrowdStrike Falcon driver. Read More

shaikh Saqib March 24, 2025

News

From Security Week – Medusa Ransomware Uses Malicious Driver to Disable Security Tools

[[{"value":"The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems. The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools…

shaikh Saqib March 24, 2025

News

From The Hacker News – ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad

shaikh Saqib March 24, 2025

News

From The Hacker News – Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

shaikh Saqib March 21, 2025

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in Review: March 14, 2025

In brief: Microsoft, Apple fix zero-days, LockBit ransomware dev extradited to the US, and more. Read More

shaikh Saqib March 14, 2025

News

From Dark Reading – FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow

Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to…

shaikh Saqib March 14, 2025

Articles

From Graham Cluley – Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat

The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released - with at least one organisation hit with a "triple-extortion" threat.…

shaikh Saqib March 13, 2025

News

From Security Week – Medusa Ransomware Made 300 Critical Infrastructure Victims

[[{"value":"CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations. The post Medusa Ransomware Made 300 Critical Infrastructure Victims appeared first on SecurityWeek."}]] Read More

shaikh Saqib March 13, 2025

News

From Dark Reading – ‘Spearwing’ RaaS Group Ruffles Feathers in Cyber Threat Scene

The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high…

shaikh Saqib March 8, 2025

News

From Security Week – Medusa Ransomware Attacks Increase

[[{"value":"The number of Medusa ransomware attacks observed in the first two months of 2025 doubled compared to the same period last year. The post Medusa Ransomware Attacks Increase appeared first…

shaikh Saqib March 7, 2025

News

From The Hacker News – Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team said in a report shared with The Hacker News. The

shaikh Saqib March 6, 2025