A Medusa you really don’t want to encounter

Ransomware | White Hat | February 13, 2024

Background

MedusaLocker

Everyone has surely heard of medusae, the free-swimming form of jellyfish. They have a striking and unique appearance, but they can be dangerous to encounter. In the realm of IT there is a ‘Medusa’ just as formidable: MedusaLocker, a family of ransomware. In this article we walk through the workings of this digital threat. Understanding MedusaLocker matters because it poses a significant threat to both individuals and organizations.

MedusaLocker was first detected in September 2019 and has been active ever since. It operates under a Ransomware-as-a-Service (RaaS) model: it is developed by one group and distributed by affiliates who share the profits from ransom payments. Initially it primarily targeted the healthcare sector during the COVID-19 pandemic. Today the attackers target small and midsize businesses (SMBs) and large enterprises, encrypting their files (appending a variety of extensions) and demanding a ransom in cryptocurrency for decryption.

But how does it work?

MedusaLocker relies mainly on two methods to gain access to victims’ systems: exploiting exposed or weakly configured Remote Desktop Protocol (RDP) services, and sending phishing emails with malicious attachments. To maximize the damage once it has breached a system, it attempts to delete Volume Shadow Copy backups and disable the Windows recovery options, so that data cannot be restored without the attackers’ key.
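As an added example (not code from the original article or from any MedusaLocker analysis), the following Python detection logic flags the recovery-inhibition behaviour described above in process-creation logs. The pipe-separated log format and the sample records are constructed assumptions; the command-line patterns are the widely documented shadow-copy and recovery-tampering commands in general, not anything specific to MedusaLocker’s implementation.

```python
import re
from typing import Dict, List, Optional

# Detection rules for the recovery-inhibition behaviour described above:
# deleting Volume Shadow Copies and turning off Windows recovery/repair.
# Each entry is (rule name, regex matched against a process command line).
RECOVERY_TAMPER_RULES = [
    ("shadow_copy_delete_vssadmin",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_delete_wmic",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("shadow_copy_delete_powershell",
     re.compile(r"win32_shadowcopy\b.*\bdelete\b", re.I)),
    ("recovery_disabled_bcdedit",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("boot_failures_ignored_bcdedit",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("backup_catalog_delete_wbadmin",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
]

def classify(command_line: str) -> Optional[str]:
    """Return the name of the first matching rule, or None for benign lines."""
    for name, pattern in RECOVERY_TAMPER_RULES:
        if pattern.search(command_line):
            return name
    return None

def scan_process_log(lines: List[str]) -> List[Dict[str, str]]:
    """Parse 'timestamp|host|user|command line' records (assumed format)
    and return one alert per matching record; malformed lines are skipped."""
    alerts = []
    for raw in lines:
        parts = raw.split("|", 3)
        if len(parts) != 4:
            continue
        ts, host, user, cmd = (p.strip() for p in parts)
        rule = classify(cmd)
        if rule:
            alerts.append({"time": ts, "host": host, "user": user,
                           "rule": rule, "cmd": cmd})
    return alerts

# Constructed sample records (not real telemetry); 'list shadows' is benign.
SAMPLE_LOGS = [
    "2024-02-13T09:00:01|WS01|alice|C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "2024-02-13T09:02:11|WS01|alice|vssadmin.exe list shadows",
    "2024-02-13T09:02:12|WS01|SYSTEM|vssadmin.exe Delete Shadows /All /Quiet",
    "2024-02-13T09:02:13|WS01|SYSTEM|bcdedit.exe /set {default} recoveryenabled No",
    "2024-02-13T09:02:14|WS01|SYSTEM|wbadmin.exe delete catalog -quiet",
    "malformed line without separators",
]

if __name__ == "__main__":
    for a in scan_process_log(SAMPLE_LOGS):
        print(f"{a['time']} {a['host']} {a['user']} {a['rule']}: {a['cmd']}")
```

Because these commands are rarely run legitimately outside scheduled maintenance, a burst of them from one host within seconds is a strong signal to isolate the machine and check backups before encryption completes.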

Is it that dangerous?

According to Microsoft’s Digital Defense Report (2023)[1], 80-90% of all ransomware compromises originate from unmanaged devices, which typically have fewer security controls and defenses. MedusaLocker is a serious threat that can cause significant data loss and financial damage. Statistics show that ransomware cost the world $20 billion in 2021, a figure expected to rise to $265 billion by 2031.[2]

Okay, but how can we protect against ransomware attacks?

To protect against ransomware attacks, companies and users should keep their systems and applications updated with the latest security patches, avoid opening suspicious emails and attachments, use reputable endpoint security software and a firewall to detect and block malicious activity, and back up important data regularly.

In addition, it is highly recommended to consult a Managed Security Service Provider (MSSP). An MSSP can provide expert guidance and proactive monitoring to help prevent and respond to threats like MedusaLocker.

In conclusion, as our reliance on digital systems grows, so does the threat from ransomware like MedusaLocker. Staying informed and taking proactive measures are our best defense against these digital threats.

Investing in stronger security measures and maintaining a robust defense is more cost-effective than bearing the financial consequences of a ransom payment.

In the coming weeks we will publish a detailed technical analysis of MedusaLocker. Sign up for our newsletter so you don’t miss it.

[1] Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider

[2] Ransomware Statistics, Trends and Facts for 2024 and Beyond (cloudwards.net)

Written by: White Hat
