19 matches found
Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure
Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours...
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
In this article 1. Storm-1175’s rapid attack chain: From initial access to impact 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...
North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks
Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
The North Korea-linked Lazarus Group aka Diamond Sleet and Pompilus has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it...
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand
Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid...
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
Latest reports suggest the critical GoAnywhere MFT vulnerability CVE-2025-10035, CVSS 10.0 is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately...
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 CVSS score: 10.0, a critical deserialization bug that could...
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT's License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response...
Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M
Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings...
NASCAR Confirms Medusa Ransomware Breach After $4M Demand
Medusa Ransomware breached NASCAR, demanded $4 million, leaked sensitive data including maps and staff info, exposing major security failures. The incident was exclusively reported by Hackread.com...
Medusa Ransomware Claims NASCAR Breach in Latest Attack
Medusa ransomware hits NASCAR, demands $4M ransom, leaks internal files. Group also claims Bridgebank, McFarland, and Pulse Urgent Care...
Medusa Ransomware Disables Anti-Malware Tools with Stolen Certificates
Cybercriminals exploit AbyssWorker driver to disable EDR systems, deploying MEDUSA ransomware with revoked certificates for stealthy attacks...
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service RaaS operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver BYOVD attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware...
FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware
FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa's tactics, prevention tips, and…...
CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware
Today, CISA—in partnership with the Federal Bureau of Investigation FBI and Multi-State Information Sharing and Analysis Center MS-ISAC—released joint Cybersecurity Advisory, StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures TTPs, indicators of compromi...
Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to...
Medusa Ransomware Unleashed A Growing Cybersecurity Menace
Summary: Medusa ransomware, a potent threat since late 2022, employs a multi-extortion approach via its Medusa Blog, disclosing victim data and pressuring non-compliant organizations. Operating as a ransomware-as-a-service, Medusas global impact underscores the need for proactive cybersecurity...
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. "As part of their multi-extortion strategy,...