A ransomware operator that has kept a low profile for the last few years has struck gold after a series of successful and high-profile ransomware attacks targeting corporate victims.
According to BleepingComputer, the threat group known as Medusa dates back to June 2021, but has only now come into the spotlight following the recent attack on the Minneapolis Public Schools (MPS) District.
Various sources claim that the group has requested $1 million in exchange for the decryption key, and negotiations are still ongoing. Now MPS has until March 17 to pay up or face sensitive data being leaked to the public via a dedicated blog.
Personality crisis
However, if the group plans to be more active, it may want to consider rebranding. Many other cybercriminal operations use the Medusa name, which has resulted in confusing media reports, BleepingComputer states.
Examples include a completely different ransomware group called MedusaLocker, a piece of Android malware called Medusa, and the Medusa botnet based on the infamous Mirai.
The MedusaLocker ransomware group is believed to be two years older than Medusa, as the first reports of its activity began to appear in 2019. It operates as a Ransomware-as-a-Service, with many affiliates using the service to target corporate victims.
The two groups also differ in the ransom notes they leave behind. While MedusaLocker leaves an .HTML file named How_to_back_files, Medusa leaves a .TXT file titled !!!READ_ME_MEDUSA!!!.
Moreover, Medusa encrypts files with the .MEDUSA extension, while MedusaLocker uses a wide range of extensions.
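The note names and extension above are enough for a first-pass triage of a file listing collected from an affected host. The Python sketch below is an added example, not code from BleepingComputer or any vendor; the sample paths are constructed, and `.lockedext` is a placeholder standing in for one of MedusaLocker's many extensions.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Indicators as stated in the article, compared case-insensitively.
MEDUSA_NOTE = "!!!read_me_medusa!!!.txt"
MEDUSALOCKER_NOTE_STEM = "how_to_back_files"   # dropped as an .HTML file
MEDUSA_EXT = ".medusa"


def classify(paths):
    """Return (verdict, evidence counts) for an iterable of file paths."""
    hits = Counter()
    for raw in paths:
        p = PureWindowsPath(raw)   # parses both "\" and "/" separators
        name, ext = p.name.lower(), p.suffix.lower()
        if name == MEDUSA_NOTE:
            hits["medusa_note"] += 1
        elif p.stem.lower() == MEDUSALOCKER_NOTE_STEM and ext == ".html":
            hits["medusalocker_note"] += 1
        elif ext == MEDUSA_EXT:
            hits["medusa_encrypted"] += 1

    # MedusaLocker uses a wide range of extensions, so only its ransom
    # note counts as evidence; an unknown extension proves nothing.
    medusa = hits["medusa_note"] or hits["medusa_encrypted"]
    locker = hits["medusalocker_note"]
    if medusa and locker:
        verdict = "conflicting"    # both families' artifacts are present
    elif medusa:
        verdict = "medusa"
    elif locker:
        verdict = "medusalocker"
    else:
        verdict = "unknown"
    return verdict, dict(hits)


# Constructed sample listings (not taken from a real incident).
SAMPLE_MEDUSA = [
    r"C:\Users\alice\Documents\budget.xlsx.MEDUSA",
    r"C:\Users\alice\Documents\!!!READ_ME_MEDUSA!!!.txt",
    r"C:\Users\alice\notes.txt",
]
SAMPLE_LOCKER = [
    "/srv/share/How_to_back_files.html",
    "/srv/share/plan.docx.lockedext",   # placeholder extension
]

if __name__ == "__main__":
    for label, listing in (("host-a", SAMPLE_MEDUSA), ("host-b", SAMPLE_LOCKER)):
        print(label, *classify(listing))
```

A "conflicting" verdict means artifacts of both families were found in the same listing and the host needs manual review.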
By: BleepingComputer