A ransomware operator who has kept a low profile for the past few years has struck gold after a series of successful and high-profile ransomware attacks against business victims.
According to Bleeping Computer, the threat group known as Medusa dates back to June 2021, but it has only come into the spotlight after the recent attack on the Minneapolis Public Schools (MPS) district.
Several sources claim that the group has demanded $1 million in exchange for the decryption key, with negotiations still ongoing. MPS now has until March 17 to pay, or it faces the leak of sensitive data to the public via a dedicated blog.
Identity crisis
However, if the group plans to become more active, it may want to consider a rebranding: several other threat actors go by the Medusa name, which has led to confusing media reports, BleepingComputer says.
These include an entirely different ransomware group called MedusaLocker, a piece of Android malware called Medusa, and a Medusa botnet based on the infamous Mirai.
The MedusaLocker ransomware group is believed to be two years older than Medusa, as the first reports of its activities appeared in 2019. It is a Ransomware-as-a-Service group, with multiple affiliates using the service to target business victims.
The two groups also differ in the ransom notes they leave behind. MedusaLocker drops an .HTML file called How_to_back_files, while Medusa drops a .TXT file called !!!READ_ME_MEDUSA!!!.
In addition, Medusa gives encrypted files the .MEDUSA file extension, while MedusaLocker uses a wide variety of extensions.
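The ransom-note names and the .MEDUSA extension above are the only indicators the article gives for telling the two families apart, and they are easy to check during incident triage. The following script is an added example (not code from Bleeping Computer or from either threat group's tooling) that classifies a file listing against exactly those indicators. It assumes the Medusa note is stored as !!!READ_ME_MEDUSA!!!.txt and the MedusaLocker note as How_to_back_files.html (the article names the base names and extensions separately), matches names case-insensitively, and uses only the ransom note for MedusaLocker because its encrypted-file extensions vary. The sample listings are constructed.

```python
"""Triage helper: which Medusa-family indicators appear in a file listing?

Added example; the indicators come from the Bleeping Computer report, the
exact note file names are an assumption, and the sample listings below are
constructed for demonstration.
"""
from collections import Counter

# Indicators named in the article (file names are an assumption as to how
# the base name and extension combine on disk).
MEDUSA_NOTE = "!!!READ_ME_MEDUSA!!!.txt"
MEDUSALOCKER_NOTE = "How_to_back_files.html"
MEDUSA_EXT = ".medusa"


def _basename(path):
    """Return the final path component, accepting both / and \\ separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def triage(paths):
    """Count indicator hits per family and return a verdict string.

    Matching is case-insensitive so that FAT/NTFS casing differences do not
    hide a hit. Returns {"counts": {...}, "verdict": "..."}.
    """
    counts = Counter()
    for path in paths:
        name = _basename(path).lower()
        if name == MEDUSA_NOTE.lower():
            counts["medusa_notes"] += 1
        elif name == MEDUSALOCKER_NOTE.lower():
            counts["medusalocker_notes"] += 1
        # Encrypted files keep their original name and gain .MEDUSA.
        if name.endswith(MEDUSA_EXT):
            counts["medusa_encrypted"] += 1

    families = []
    if counts["medusa_notes"] or counts["medusa_encrypted"]:
        families.append("Medusa")
    if counts["medusalocker_notes"]:
        families.append("MedusaLocker")
    verdict = " + ".join(families) if families else "no Medusa-family indicators"
    return {"counts": dict(counts), "verdict": verdict}


# Constructed sample listings (not real incident data).
SAMPLE_MEDUSA = [
    r"C:\Users\alice\Documents\budget.xlsx.MEDUSA",
    r"C:\Users\alice\Documents\!!!READ_ME_MEDUSA!!!.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.MEDUSA",
]
SAMPLE_MEDUSALOCKER = [
    "/srv/share/How_to_back_files.html",
    "/srv/share/report.docx.encrypted",
]
SAMPLE_CLEAN = [
    "/home/bob/notes.txt",
    "/home/bob/README.md",
]

if __name__ == "__main__":
    for label, listing in (("medusa", SAMPLE_MEDUSA),
                           ("medusalocker", SAMPLE_MEDUSALOCKER),
                           ("clean", SAMPLE_CLEAN)):
        print(label, triage(listing))
```

Running the script prints one verdict per constructed listing. In practice the listing would come from a file-system walk or from EDR file-creation telemetry, and a hit on either ransom note alone is enough to start the right playbook, while the .MEDUSA count gives a rough measure of how far encryption progressed.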
Via: Bleeping Computer