medusa (620c3817-320a-5772-acf1-008cc8852b0f)

The ransomware landscape remains active in 2024, with various ransomware groups attacking a wide range of organizations. In this context, Medusa Ransomware has emerged as a significant cyber threat, standing out for its data encryption and extortion operations.

Medusa Ransomware appeared in 2021, quickly becoming one of the most feared cyber threats. This malware encrypts critical files and demands ransoms in cryptocurrency, exploiting vulnerabilities in corporate and institutional systems. Known for its advanced phishing tactics, Medusa infiltrates networks with ease, causing significant damage.

Critical sectors such as healthcare and finance have been severely impacted, facing operational disruptions and substantial financial losses. The ransomware continuously evolves, making it difficult for security experts to neutralize it. Medusa's rapid adaptation to new security defenses underscores the urgent need for more robust, proactive cybersecurity measures.

The rise of Medusa Ransomware serves as a global warning about the dangers of sophisticated cyber threats and the need for ongoing preparedness.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | Software Packing - T1045 (6ff403bc-93e3-48be-8687-e102fdba8c88) | Attack Pattern | 1 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 1 |
| Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 1 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | 1 |
| medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) | Attack Pattern | medusa (620c3817-320a-5772-acf1-008cc8852b0f) | Ransomware | 1 |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) | Attack Pattern | Software Packing - T1045 (6ff403bc-93e3-48be-8687-e102fdba8c88) | Attack Pattern | 2 |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 2 |
| Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) | Attack Pattern | Safe Mode Boot - T1688 (c7660f19-f8c5-4ae3-a5e5-24381c270376) | Attack Pattern | 2 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 3 |