Medusa Ransomware Targets Over 40 Victims: Ransomware Safety Tips

AVP SUITE

March 12, 2025


Cybersecurity experts are raising alarms as Medusa ransomware continues its relentless expansion. Since its emergence in January 2023, attackers have claimed nearly 400 victims. Financially motivated attacks linked to ransomware have spiked by 42% between 2023 and 2024, signaling a growing threat to organizations worldwide.

Let’s take a closer look.


 

Medusa Ransomware Intensifies Attacks in 2025

The first two months of 2025 alone have already seen over 40 confirmed Medusa ransomware attacks, according to data from the Symantec Threat Hunter Team shared with The Hacker News. The cybersecurity company is tracking the Medusa threat cluster under the name Spearwing.

“Like the majority of ransomware operators, Spearwing and its affiliates carry out double extortion attacks, stealing victims’ data before encrypting networks in order to increase the pressure on victims to pay a ransom,” Symantec noted.

 


 

Medusa Fills the Void Left by LockBit and BlackCat

As law enforcement actions disrupt major ransomware groups like LockBit and BlackCat, other Ransomware-as-a-Service (RaaS) players, including RansomHub (aka Greenbottle and Cyclops), Play (aka Balloonfly), and Qilin (aka Agenda, Stinkbug, and Water Galura), have stepped in to exploit the power vacuum. Medusa’s rising activity suggests that the group is also moving to fill the void created by these infamous extortionists.

Ransomware as a service has been very active throughout this time, with new entrants such as Anubis, CipherLocker, Core, Dange, LCRYX, Loches, Vgod, and Xelera cropping up in recent months.

Medusa’s ransom demands range from $100,000 to $15 million, and it targets healthcare providers, non-profits, merchant establishments, and government organizations.

How Medusa Infiltrates Networks

Medusa attackers exploit known vulnerabilities in public-facing applications, especially Microsoft Exchange Server, to gain initial access. Cybersecurity officials suspect initial access brokers sell compromised network access for cash.

Once inside, the attackers establish persistence through remote management and monitoring (RMM) software such as SimpleHelp, AnyDesk, and MeshAgent.

They also use the Bring Your Own Vulnerable Driver (BYOVD) technique, abusing legitimate but outdated drivers to disable antivirus protections with KillAV; this method was also employed previously by BlackCat ransomware.

“The use of the legitimate RMM software PDQ Deploy is another hallmark of Medusa ransomware attacks,” Symantec said. “It is typically used by the attackers to drop other tools and files and to move laterally across the victim network.”

Throughout the attack process, Medusa operators rely on a variety of additional tools, including Navicat for database access and RoboCopy and Rclone for data exfiltration.
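The tool list above can be turned into a simple hunt over process-creation logs. The following is an added example, not code from Symantec or from the original article: it flags RMM tools running on hosts where they are not sanctioned, and transfer tools that appear on the same host afterwards. The event field names, host names, approved inventory and 24-hour window are assumptions, and the sample events are constructed.

```python
import json
from datetime import datetime, timedelta

# Keywords taken from the tool names in the article. Matching them against the
# executable file name is an assumption; a renamed binary will not match.
RMM = ("simplehelp", "anydesk", "meshagent", "pdqdeploy")
TRANSFER = ("rclone", "robocopy")

# Hypothetical inventory of RMM tools sanctioned per host.
APPROVED_RMM = {"HELPDESK-01": {"anydesk"}}

# Constructed process-creation events, one JSON object per line (not real telemetry).
SAMPLE_LOG = r"""
{"time": "2025-03-01T09:00:00", "host": "HELPDESK-01", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"}
{"time": "2025-03-01T09:10:00", "host": "FILESRV-02", "image": "C:\\ProgramData\\MeshAgent.exe"}
{"time": "2025-03-01T11:30:00", "host": "FILESRV-02", "image": "C:\\Users\\Public\\rclone.exe"}
{"time": "2025-03-01T12:00:00", "host": "BUILD-07", "image": "C:\\Windows\\System32\\Robocopy.exe"}
{"time": "2025-03-01T13:00:00", "host": "WS-14", "image": "C:\\Windows\\System32\\notepad.exe"}
"""

def classify(image):
    """Return (category, keyword) for a process image path, or None."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for category, words in (("rmm", RMM), ("transfer", TRANSFER)):
        for word in words:
            if word in name:
                return category, word
    return None

def detect(log_text, window=timedelta(hours=24)):
    """Alert on unapproved RMM tools, and on transfer tools that follow one."""
    events = [json.loads(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["time"])  # ISO 8601 strings sort chronologically
    alerts, rmm_seen = [], {}
    for ev in events:
        hit = classify(ev["image"])
        if hit is None:
            continue
        (category, word), host = hit, ev["host"]
        when = datetime.fromisoformat(ev["time"])
        if category == "rmm":
            if word not in APPROVED_RMM.get(host, set()):
                rmm_seen[host] = when
                alerts.append((host, "unapproved-rmm", word))
        elif host in rmm_seen and when - rmm_seen[host] <= window:
            # Transfer tools alone are routine; after unapproved RMM they merit triage.
            alerts.append((host, "rmm-then-transfer", word))
    return alerts
```

Calling `detect(SAMPLE_LOG)` returns two alerts, both for FILESRV-02; the sanctioned AnyDesk on HELPDESK-01 and the standalone Robocopy run on BUILD-07 are not flagged.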

 


 

Profit-Driven, Not Ideological

“Like most targeted ransomware groups, Spearwing tends to attack large organizations across a range of sectors,” Symantec said. “Ransomware groups tend to be driven purely by profit, and not by any ideological or moral considerations.”

As Medusa and other ransomware groups evolve, cybersecurity experts stress the importance of proactive defense strategies, including patching vulnerabilities, monitoring remote access tools, and implementing robust threat detection measures to counter this growing menace.

 


 

How to Protect Your Data from Ransomware

Ransomware attacks have risen sharply in recent years, with cybercriminals extorting individuals and organizations by encrypting sensitive data. The Financial Times reports that since 2021 over 4,900 ransomware incidents have been reported in the US, resulting in more than $3.1 billion in ransomware payments.

To protect your sensitive data from ransomware, take the following proactive steps:

  1. Regular Data Backups: Back up data regularly and store backup copies offline or in a location that cannot be reached from an infected computer. With backups of your sensitive data, you can restore your information without giving in to a ransom demand.
  2. Keep Software Updated: Regularly install software updates and security patches on your operating system and applications. Cybercriminals use vulnerabilities in outdated software to deliver ransomware.
  3. Use Reputable Security Solutions: Use only trusted antivirus and anti-malware applications that offer continuous protection against emerging threats, and always keep your security software updated.
  4. Exercise Caution with Emails: Be cautious of unsolicited emails or emails containing attachments or links. Phishing emails are often a conduit for ransomware attacks.
  5. Implement Access Controls: Restrict user permissions to only what is required for each role. Limited permissions can restrict the lateral spread of ransomware through your network.
  6. Educate Yourself and Others: Stay informed about the latest ransomware tactics and share this knowledge with family members or colleagues to foster a culture of cybersecurity awareness.

 


 

How AVP Suite Protects Against Ransomware

The AVP Suite is a complete cybersecurity solution designed to protect against ransomware and other digital threats. 

Here’s how AVP Suite ensures your safety:

  1. AI-Powered Threat Detection: AVP Suite uses advanced artificial intelligence to detect and eliminate ransomware before it can reach your data.
  2. Cross-Platform Security: AVP Suite protects you across all of your devices seamlessly, no matter what platform you are using: Windows, macOS, Android, or iOS.
  3. Anti-Phishing Measures: AVP Suite’s anti-phishing tools are highly effective at detecting malicious emails and websites designed to trick you into giving up your private information.
  4. Ransomware Shield: AVP Suite watches your programs for activity typical of ransomware and stops your data from being encrypted without your knowledge.
  5. Secure VPN Services: AVP Suite’s integrated VPN capabilities encrypt your internet connection to protect against data interception, particularly over public Wi-Fi.
  6. Ad Blocker and Anti-Tracking: By preventing intrusive ads and trackers from loading, AVP Suite reduces your chances of unwittingly browsing to a malicious website.
  7. Digital Identity Protection: The suite actively monitors the dark web for any indication that your personal information has been compromised so you can take measures to protect your identity quickly.
  8. Password Manager: With AVP Suite’s password manager, you can create and store strong, unique passwords for your accounts so that you are less exposed to credential-based attacks.
  9. Dark Web Scanner: Scans of the dark web notify you if your data has been posted to compromised databases so that you can proactively act to secure your data.
  10. Fraud Protection: Advanced fraud detection methods protect you from scams and unauthorized transactions, securing your financial well-being.
  11. Mobile Security: AVP Suite offers full protection for your mobile devices, protecting you against mobile-based threats and keeping your data safe on the move.

Final Thoughts

In short, while the rising incidence of ransomware is alarming, do not panic! The AVP Suite is your hero, protecting your and your family’s personal data with advanced ransomware protection.

So, without further ado, incorporate AVP Suite into your cybersecurity plan to bolster your defenses against ransomware and many other types of cyberattacks, and regain peace of mind in these digital times.

Take Control of Your Digital Security with AVP Suite!
