Medusa Ransomware (c387c7e0-b8d9-4475-8672-c1285e38f2a1)
This object reflects the ATT&CK Techniques associated with the Medusa Ransomware encryptor tool. Medusa is a ransomware-as-a-service (RaaS) operation that employs a double extortion model, encrypting victim data and threatening to release exfiltrated data if a ransom is not paid.[U.S. CISA Medusa Ransomware March 12 2025]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Medusa Ransomware Actors (316a49d5-5fe0-4e0b-a276-f955f4277162) | Tidal Groups | Medusa Ransomware (c387c7e0-b8d9-4475-8672-c1285e38f2a1) | Tidal Software | 1 |