MEDUSA Ransomware Group Strikes Again, Targeting Prominent Companies
In a concerning turn of events, the notorious MEDUSA ransomware group has resurfaced, unleashing cyber attacks on two distinguished companies and demanding substantial ransoms for the release of encrypted data. The cyber assaults were unveiled on the threat actor’s dark web portal, shedding light on the latest victims falling prey to their malicious activities.
The identified victims of the MEDUSA cyber attacks are Karam Chand Thapar & Bros. (Coal Sales) Ltd, based in India, and Windak Group, marking the latest additions to the dark web hall of infamy curated by the notorious ransomware group.
Both incidents were made public through the threat actor’s dark web portal, which has been a recurring space for listing victims targeted in the past weeks. This recurrence emphasizes the escalating threat posed by the MEDUSA ransomware group and underscores the urgency for enhanced cybersecurity measures.
For Windak Group, a prominent Sweden-based cable packaging equipment manufacturer founded in 1994, the ransom demands have been set at a staggering $100,000. The threat actors have imposed a tight deadline of 9 days, 23 hours, 20 minutes, and 3 seconds from the time of the cyber attack for the payment to be made.
Meanwhile, Karam Chand Thapar & Bros., a flagship company of the KCT Group in India specializing in coal services and logistics, faces a ransom demand of $200,000. The threat actors have set a deadline of 9 days, 22 hours, 57 minutes, and 50 seconds for the payment.
Efforts to verify these claims have been initiated by The Cyber Express, which has reached out to both victimized companies. As of the latest update, no official response has been received, leaving the MEDUSA cyber attack claims unverified.
The websites of both companies currently show no visible signs of the cyber attacks on their front end, which adds to the uncertainty surrounding the claims.
These attacks follow the same modus operandi observed in previous incidents: the threat actor consistently uses its dark web platform to announce its victims, which raises concerns about the group’s persistent and evolving tactics.
The MEDUSA ransomware group, known for its MedusaLocker Ransomware, surfaced in September 2019 and primarily targets Windows machines through spam campaigns. Employing a ransomware-as-a-service (RaaS) business model, the group focuses on sectors like healthcare, education, and enterprises handling substantial volumes of personal information. Its double extortion tactic involves stealing victim data before encryption and threatening to sell or publicly release it if the ransom is not paid.
The cybersecurity community remains vigilant, emphasizing the critical importance of proactive measures to safeguard against such cyber threats. As investigations unfold, the resilience of organizations against ransomware attacks becomes paramount in this evolving landscape of cyber threats. Stay tuned for further developments on this alarming resurgence of the MEDUSA ransomware group.