Summary: The Medusa ransomware has emerged as a prominent tool for the threat group known as “Spearwing,” which has targeted nearly 400 victims since 2023. Their ransom demands can range from 0,000 to million, and they employ tactics such as double extortion to pressure victims. The group exploits unpatched vulnerabilities, particularly in Microsoft Exchange Servers, to gain access to networks and conduct attacks.
Affected: Organizations vulnerable to ransomware attacks
Keypoints :
- Spearwing has conducted hundreds of Medusa ransomware attacks since 2023.
- Ransom demands range from 0,000 to million, with additional fees for late payments.
- The group exploits unpatched vulnerabilities in public-facing applications, particularly targeted at Microsoft Exchange Servers.
- There are questions about Spearwing’s operational model, whether functioning as a RaaS or collaborating with a limited number of affiliates.
Source: https://www.darkreading.com/cyberattacks-data-breaches/spearwing-raas-cyber-threat-scene