Monday, April 15, 2024
HomeCyber CrimeCISA Warns About MedusaLocker Ransomware’s Latest Activity

CISA Warns About MedusaLocker Ransomware’s Latest Activity


In order to draw attention to current MedusaLocker ransomware activity, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Treasury, and the Financial Crime Enforcement Network (FinCEN) have issued a combined advisory.


For those who are unaware, MedusaLocker first appeared in 2019 and has since increased its assault surface to increase earnings.

What is said in the advisory?

As of May 2022, the ransomware’s developers largely depend on Remote Desktop Protocol (RDP) flaws to get access to victims’ networks. The ransomware encrypts the victims’ data upon execution and then drops a ransom letter with instructions for decrypting files.

In order to pay the ransomware, the message advises victims to a specific Bitcoin wallet address.

According to the advise, the affiliate will receive between 55 and 60 percent of any ransom money obtained as a result of their acts, with the remaining money going to the operators.

Mode of operation

Phishing emails that include RDP exploits are the first step in the infection chain process.

After gaining initial access, the actors use a PowerShell script to spread the ransomware throughout the network.

In order to sustain persistence for a longer amount of time, the ransomware also kills the processes of well-known security and forensic software.

When the computer is in safe mode, MedusaLocker encrypts data using the AES-256 and RSA-2048 algorithms.

How can businesses ensure their safety?

To stop such assaults, federal officials have suggested a number of mitigating measures. Among them is developing a recovery strategy to preserve confidential or private information. Additionally, organisations must ensure that copies of crucial data are not available to outsiders for editing or erasing. Staying secure also involves implementing network segmentation and maintaining offline data backups.

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us