MedusaLocker3, also known as FarAttack, is an updated Rust-based ransomware variant that is being deployed alongside GlobeImposter 2.0, with both strains using the same file extensions in some attacks. The group leaves multiple ransom note formats and a long PERSONAL ID in the notes, while victims report signs of RDP compromise, Mimikatz use, and antivirus removal before encryption.
Key points
- MedusaLocker3 is an updated version of MedusaLocker code.
- Attackers may deploy GlobeImposter 2.0 together with MedusaLocker3.
- Both malware families can use the same file extensions during an attack.
- MedusaLocker3 ransom notes include multiple file names and a long PERSONAL ID.
- Victims reported RDP compromise, Mimikatz activity, and disabled security tools before encryption.