Medusa ransomware gang picks up steam as it targets companies worldwide
Security News, March 2023
A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands.
Many malware families call themselves Medusa, including a Mirai-based botnet with ransomware capabilities, an Android malware family, and the widely known MedusaLocker ransomware operation.
The Medusa ransomware operation launched around June 2021 and has been using a ransom note named !!!READ ME MEDUSA!!!
As an extra step to prevent the restoration of files from backups, the Medusa ransomware will run the following command to delete locally stored files associated with backup programs, like Windows Backup.
Like most enterprise-targeting ransomware operations, Medusa has a data leak site named 'Medusa Blog.' This site is used as part of the gang's double-extortion strategy, where they leak the data of victims who refuse to pay a ransom.
No known weaknesses in the Medusa Ransomware encryption allow victims to recover their files for free.