  • Medusa ransomware gang gains momentum and attacks companies around the world

    The Medusa extortion campaign began in June 2021. Then its activity was relatively low, and there were few victims. This year, the situation has changed: the gang stepped up and launched its own blog, used to publish data leaks of victims who refused to pay the ransom.

    The Medusa group has gained media attention after claiming responsibility for the attack on the Minneapolis school system and even sharing a video of stolen data.

    Many malware families are named "Medusa". These include a Mirai-based botnet with ransomware capabilities, Android malware, and the notorious MedusaLocker ransomware operation. These are all completely different malicious campaigns. Because the names are so similar, even researchers sometimes confuse them in their reports.

    The Medusa ransomware supports many command-line arguments that change how it behaves. During a normal run, the program automatically shuts down over 280 Windows services and processes so that nothing interferes with file encryption. It then looks for and deletes Windows backups so they cannot be used to restore files.

    The current version of Medusa encrypts files with a combined AES-256 and RSA-2048 scheme built on the BCrypt library. Encrypted files receive the extension ".MEDUSA", and in every folder that contained data a file named "!!!READ_ME_MEDUSA!!!.txt" appears, explaining what happened to the victim's files and how they can be recovered.

    The ransom note includes the attackers' contact information, their Telegram channel, email, and onion sites accessible only through the Tor Browser:

    • a data leak site used by the gang as part of a double extortion strategy in which hackers leak data about victims who refuse to pay ransom;
    • a negotiation site where, in a fully encrypted and secure chat, attackers can issue ultimatums to their victims or make recommendations for decrypting data after receiving a ransom.
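    The two on-disk indicators the article names, the ".MEDUSA" extension and the "!!!READ_ME_MEDUSA!!!.txt" note dropped in every folder that held data, are what an incident responder would sweep a host for first. The script below is an added example and not code from the original article or from any Medusa analysis; it walks a directory tree, counts both indicators, and flags the anomalies an analyst wants to see (folders with encrypted files but no note, and folders with a note but nothing encrypted). The directory layout in `build_sample_tree` and the note body are constructed for demonstration.

```python
"""Incident-response triage: locate Medusa-encrypted files and ransom notes.

Added example, not code from the original article. The only facts taken from
the article are the ".MEDUSA" extension and the "!!!READ_ME_MEDUSA!!!.txt"
note name; the sample directory layout and note text are constructed.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".MEDUSA"                 # extension appended to encrypted files (from the article)
RANSOM_NOTE = "!!!READ_ME_MEDUSA!!!.txt"  # note dropped in each folder that held data (from the article)


def scan_tree(root):
    """Walk `root` and summarise Medusa indicators.

    Returns a dict with:
      encrypted              - number of files ending in .MEDUSA
      notes                  - number of ransom-note files
      note_dirs              - directories (relative to root) that hold a note
      encrypted_without_note - directories with encrypted files but no note
      note_without_encrypted - directories with a note but no encrypted files
    The last two are the anomalies worth a closer look: an interrupted run, a
    partial restore, or a note planted where nothing was actually encrypted.
    """
    root = Path(root)
    encrypted_dirs, note_dirs = set(), set()
    encrypted = notes = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = str(Path(dirpath).relative_to(root))
        for name in filenames:
            if name.endswith(ENCRYPTED_EXT):
                encrypted += 1
                encrypted_dirs.add(rel)
            elif name == RANSOM_NOTE:
                notes += 1
                note_dirs.add(rel)
    return {
        "encrypted": encrypted,
        "notes": notes,
        "note_dirs": sorted(note_dirs),
        "encrypted_without_note": sorted(encrypted_dirs - note_dirs),
        "note_without_encrypted": sorted(note_dirs - encrypted_dirs),
    }


def build_sample_tree(base):
    """Create a constructed post-incident layout under `base` (demo data only)."""
    note_body = b"[constructed placeholder for a ransom note body]\n"
    layout = {
        "finance/q1.xlsx" + ENCRYPTED_EXT: b"",       # encrypted, note present
        "finance/q2.xlsx" + ENCRYPTED_EXT: b"",
        "finance/" + RANSOM_NOTE: note_body,
        "hr/contracts.docx" + ENCRYPTED_EXT: b"",     # encrypted, but no note dropped
        "public/readme.txt": b"untouched plain file",  # never encrypted
        "public/" + RANSOM_NOTE: note_body,           # note, but nothing encrypted here
    }
    for rel, content in layout.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


def demo():
    """Build the constructed tree in a temp dir, scan it, and return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real host the same `scan_tree` call would be pointed at a mounted image or a user-data volume; the per-directory anomaly lists are more useful than the raw counts because they show where encryption stopped and which notes do not correspond to damaged data.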

    Unfortunately, no known weakness in Medusa's encryption has yet allowed victims to restore their files for free. Researchers will keep analysing the ransomware for flaws that would let victims avoid paying the attackers.

    The optimism of researchers is not without reason. After all, hackers are people too, and they can make mistakes.

    Author DeepWeb