Summary: The Medusa ransomware has seen a significant rise in attacks, doubling in early 2025 compared to the previous year, according to Symantec. Utilizing a ransomware-as-a-service model, it targets various sectors globally while employing double-extortion tactics. With ransoms demanded between 0,000 and million, Medusa exploits vulnerabilities in systems like Microsoft Exchange and VMware ESXi.
Affected: Organizations across healthcare, manufacturing, education, and more globally
Keypoints :
- Medusa ransomware attacks increased by 42% between 2023 and 2024, with a notable jump in early 2025.
- Operates under a ransomware-as-a-service model, targeting unpatched systems and leveraging legitimate accounts for access.
- Utilizes double-extortion tactics, encrypting files and demanding ransom within a specified timeframe, which can be extended for additional fees.
Source: https://www.securityweek.com/medusa-ransomware-attacks-increase/