Medusa Ransomware Targets Over 40 Victims: Ransomware Safety Tips

AVP SUITE

March 12, 2025


Cybersecurity experts are raising alarms as Medusa ransomware continues its relentless expansion, with attackers claiming nearly 400 victims since its emergence in January 2023. Financially motivated attacks linked to the ransomware have spiked by 42% between 2023 and 2024, signaling a growing threat to organizations worldwide.

Let’s take a closer look.

Table of Contents

Medusa Ransomware Intensifies Attacks in 2025

Medusa Fills the Void Left by LockBit and BlackCat

How Medusa Infiltrates Networks

Profit-Driven, Not Ideological

How to Protect Your Data from Ransomware

How AVP Suite Protects Against Ransomware

Final Thoughts

Medusa Ransomware Intensifies Attacks in 2025

The first two months of 2025 alone have already seen over 40 confirmed Medusa ransomware attacks, according to data from the Symantec Threat Hunter Team shared with The Hacker News. The cybersecurity company is tracking the Medusa threat cluster under the name Spearwing.

“Like the majority of ransomware operators, Spearwing and its affiliates carry out double extortion attacks, stealing victims’ data before encrypting networks in order to increase the pressure on victims to pay a ransom,” Symantec noted.

 


Medusa Fills the Void Left by LockBit and BlackCat

As law enforcement actions disrupt major ransomware groups like LockBit and BlackCat, other Ransomware-as-a-Service (RaaS) players—including RansomHub (aka Greenbottle and Cyclops), Play (aka Balloonfly), and Qilin (aka Agenda, Stinkbug, and Water Galura)—have stepped in to exploit the power vacuum. Medusa’s rising activity suggests that it, too, is aggressively expanding its operations to fill the gap left by these notorious extortionists.

Meanwhile, the ransomware landscape remains highly volatile, with new RaaS operations such as Anubis, CipherLocker, Core, Dange, LCRYX, Loches, Vgod, and Xelera emerging in recent months.

Medusa’s ransom demands range between $100,000 and $15 million, with targets spanning across healthcare providers, non-profits, financial institutions, and government organizations.

How Medusa Infiltrates Networks

Medusa attackers gain initial access by exploiting known vulnerabilities in public-facing applications, particularly Microsoft Exchange Server. Cybersecurity experts also suspect the involvement of initial access brokers, who sell access to compromised networks.

Once inside, the attackers establish persistent access using remote management and monitoring (RMM) tools such as SimpleHelp, AnyDesk, and MeshAgent. Additionally, they deploy the Bring Your Own Vulnerable Driver (BYOVD) technique, which leverages legitimate but outdated drivers to disable antivirus protections using KillAV—a method also previously used by BlackCat ransomware.

“The use of the legitimate RMM software PDQ Deploy is another hallmark of Medusa ransomware attacks,” Symantec said. “It is typically used by the attackers to drop other tools and files and to move laterally across the victim network.”

Throughout the attack process, Medusa operators rely on a variety of additional tools, including Navicat for database access and RoboCopy and Rclone for data exfiltration.
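One way to monitor for the tooling described above, as an added example that is not from the original article or from Symantec: it scans process-creation events for the tools named here, skips a hypothetical allowlist, and escalates hosts where remote-access and data tools appear within an assumed 24-hour window. The event fields, hostnames, paths, and the substring matching are all assumptions of this sketch.

```python
import json
from datetime import datetime, timedelta

# Keywords are the tools named in the article. Substring matching on the image
# path is an assumption of this sketch; a renamed binary will evade it.
REMOTE_ACCESS = ("simplehelp", "anydesk", "meshagent", "pdq")
DATA_TOOLS = ("navicat", "robocopy", "rclone")  # database access and exfiltration
# Hypothetical allowlist of (host, tool) pairs that IT has approved.
APPROVED = {("it-admin-01", "pdq"), ("backup-01", "robocopy")}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed process-creation events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r"""
{"ts": "2025-02-10T09:00:00", "host": "it-admin-01", "image": "C:\\Program Files\\PDQ Deploy\\PDQDeployConsole.exe"}
{"ts": "2025-02-10T22:14:00", "host": "fs-02", "image": "C:\\ProgramData\\AnyDesk\\AnyDesk.exe"}
{"ts": "2025-02-11T01:30:00", "host": "fs-02", "image": "C:\\Users\\Public\\rclone.exe"}
{"ts": "2025-02-11T02:00:00", "host": "backup-01", "image": "C:\\Windows\\System32\\Robocopy.exe"}
{"ts": "2025-02-11T08:45:00", "host": "hr-07", "image": "C:\\Program Files\\Mesh Agent\\MeshAgent.exe"}
{"ts": "2025-02-11T08:50:00", "host": "hr-07", "image": "C:\\Windows\\System32\\notepad.exe"}
"""

def classify(image):
    """Return (kind, keyword) for a tool of interest, else None."""
    path = image.lower()
    for kind, keywords in (("remote_access", REMOTE_ACCESS), ("data", DATA_TOOLS)):
        for kw in keywords:
            if kw in path:
                return kind, kw
    return None

def detect(log_text):
    """Map host -> alert for unapproved tool launches; escalate chained activity."""
    per_host = {}
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        match = classify(ev["image"])
        if match is None or (ev["host"], match[1]) in APPROVED:
            continue
        per_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["ts"]), *match))
    alerts = {}
    for host, hits in per_host.items():
        remote = [t for t, kind, _ in hits if kind == "remote_access"]
        moved = [t for t, kind, _ in hits if kind == "data"]
        # Remote-access tooling close in time to data tooling on one host
        # mirrors the persistence-then-exfiltration pattern described above.
        chained = any(abs(m - r) <= WINDOW for r in remote for m in moved)
        alerts[host] = {"severity": "high" if chained else "medium",
                        "tools": sorted({kw for _, _, kw in hits})}
    return alerts

if __name__ == "__main__":
    for host, alert in detect(SAMPLE_EVENTS).items():
        print(host, alert)
```

In production the same logic would key on signer or hash rather than path text, since all of these tools are legitimate software and names are trivially changed.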

 


Profit-Driven, Not Ideological

“Like most targeted ransomware groups, Spearwing tends to attack large organizations across a range of sectors,” Symantec said. “Ransomware groups tend to be driven purely by profit, and not by any ideological or moral considerations.”

As Medusa and other ransomware groups evolve, cybersecurity experts stress the importance of proactive defense strategies, including patching vulnerabilities, monitoring remote access tools, and implementing robust threat detection measures to counter this growing menace.

 


How to Protect Your Data from Ransomware

Ransomware attacks have surged in recent years, with cybercriminals increasingly targeting individuals and organizations to extort money by encrypting valuable data. According to the Financial Times, since 2021, the US has identified over 4,900 ransomware attacks, resulting in over $3.1 billion in ransom payments.

To safeguard your data from such threats, it’s essential to adopt proactive measures such as the following:

  1. Regular Data Backups: Consistently back up your data and store copies offline or in locations inaccessible from potentially infected computers. This ensures you can restore your information without yielding to ransom demands.

  2. Keep Software Updated: Regularly install security updates and patches for your operating system and applications. Cybercriminals often exploit outdated software vulnerabilities to deploy ransomware.

  3. Use Reputable Security Solutions: Employ trusted antivirus and anti-malware programs that offer real-time protection against emerging threats. Ensure these solutions are always up-to-date.

  4. Exercise Caution with Emails: Be wary of unsolicited emails, especially those containing attachments or links. Phishing emails are a common method for distributing ransomware.

  5. Implement Access Controls: Restrict user permissions to limit the spread of ransomware within your network. Ensure that users have only the access necessary for their roles.

  6. Educate Yourself and Others: Stay informed about the latest ransomware tactics and share this knowledge with family members or colleagues to foster a culture of cybersecurity awareness.

 


How AVP Suite Protects Against Ransomware

AVP Suite offers a comprehensive cybersecurity solution designed to shield users from ransomware and a multitude of other digital threats. Here’s how AVP Suite ensures your safety:

  1. AI-Powered Threat Detection: Utilizing advanced artificial intelligence, AVP Suite identifies and neutralizes ransomware before it can compromise your data.

  2. Cross-Platform Security: Whether you’re on Windows, macOS, Android, or iOS, AVP Suite provides consistent protection across all your devices, ensuring seamless security.

  3. Anti-Phishing Measures: The suite’s robust anti-phishing tools detect and block malicious emails and websites attempting to deceive you into divulging sensitive information.

  4. Ransomware Shield: AVP Suite actively monitors your system for suspicious activities characteristic of ransomware, preventing unauthorized encryption of your files.

  5. Secure VPN Services: With integrated VPN capabilities, AVP Suite encrypts your internet connection, safeguarding your data from interception, especially on public Wi-Fi networks.

  6. Ad Blocker and Anti-Tracking: By blocking intrusive ads and trackers, AVP Suite reduces the risk of encountering malicious content online.

  7. Digital Identity Protection: The suite monitors the dark web for any signs of your personal information being compromised, allowing you to act swiftly to protect your identity.

  8. Password Manager: AVP Suite’s password manager generates and stores strong, unique passwords for your accounts, minimizing the risk of credential-based attacks.

  9. Dark Web Scanner: Regular scans of the dark web alert you if your data appears in compromised databases, enabling proactive measures to secure your information.

  10. Fraud Protection: Advanced fraud detection mechanisms protect you from scams and unauthorized transactions, ensuring your financial well-being.

  11. Mobile Security: AVP Suite extends its comprehensive protection to mobile devices, safeguarding against mobile-specific threats and ensuring your data remains secure on the go.

Final Thoughts

In a nutshell, the increasing rate of ransomware is worrisome, but fret not! AVP Suite is the hero here, keeping your and your family’s personal data secure with advanced ransomware protection.

So, without further ado, bring AVP Suite into your cybersecurity strategy to fortify your defenses against ransomware and a wide array of other cyber threats, ensuring peace of mind in today’s digital landscape.
