
Medusa

Attribution confidence: Medium • Threat level: High

Also known as: Medusa Blog (the name of the group's leak site). Note that MedusaLocker, sometimes listed as an alias, is a distinct ransomware family and should not be conflated with Medusa.

Medusa is a ransomware-as-a-service (RaaS) operation, active since at least 2021, that has targeted organizations in the education, healthcare, and government sectors. It runs a double-extortion model: data is stolen before encryption, and victims who do not pay have that data published on the group's leak site, 'Medusa Blog'. Medusa ransomware uses strong encryption and has shown the ability to evade security controls. The group's operations have affected more than 200 organizations worldwide.

Origin: Unknown
Sponsor: Cybercriminal (no state sponsor)
Active: 2021 - Present
Victims: 200+ organizations
Sophistication: Advanced
Status: Active
Motivation: Financial gain
Risk Assessment

Composite Risk Score: 71 (High Risk)
ARCS Compliance: 72
Escalation Risk: 70
Grievance Index: 65
Infrastructure Impact: 75
History & Evolution

First observed in 2021, Medusa has operated continuously since, running a double-extortion model in which data stolen from victims who decline to pay is published on 'Medusa Blog'. Key dates are listed in the timeline below.

Targeting

Target Sectors

Healthcare, Education, Government, Manufacturing

Target Regions

United States; Global
Attribution & Affiliations

Attributed to a cybercriminal group with no known state sponsor; country of origin unknown. Attribution confidence: Medium.

Intelligence Assessment

Threat Level: High
Targeting: Moderate
Adaptability: Moderate
Persistence: High
Op Tempo: Continuous
Status: Active

Future Outlook

Medusa is expected to continue operations against the healthcare sector.

Timeline of Key Events

2021 (Major): First observed activity of Medusa
2024 (Moderate): Continued active operations