Skip to content

Hide Navigation Hide TOC

MedusaLocker Ransomware (c9e824b2-554b-4f42-b4c3-48e0a841f589)

MedusaLocker is a ransomware-as-a-service ("RaaS") operation that has been active since September 2019. U.S. cybersecurity authorities indicate that MedusaLocker operators have primarily targeted victims in the healthcare sector, among other unspecified sectors. Initial access for MedusaLocker intrusions originally came via phishing and spam email campaigns, but since 2022 has typically occurred via exploit of vulnerable Remote Desktop Protocol devices.[HC3 Analyst Note MedusaLocker Ransomware February 2023]

Malpedia (Research): https://malpedia.caad.fkie.fraunhofer.de/details/win.medusalocker

Malware Bazaar (Samples & IOCs): https://bazaar.abuse.ch/browse/tag/medusalocker/

Cluster A Galaxy A Cluster B Galaxy B Level
MedusaLocker Ransomware (c9e824b2-554b-4f42-b4c3-48e0a841f589) Tidal Software MedusaLocker Ransomware Actors (55b20209-c04a-47ab-805d-ace83522ef6a) Tidal Groups 1