Medusa Ransomware Attacks Surge, Demanding Millions

Medusa ransomware is rapidly expanding its attacks in 2025, demanding ransoms as high as $15 million. A recent report highlights over 40 new victims this year.

The ransomware group has targeted healthcare, financial, and government organizations. Researchers note a 42% rise in Medusa-related incidents between 2023 and 2024. This increase suggests the group is filling the gap left by disrupted ransomware operations.

How the Attack Works

Hackers exploit security flaws in public-facing applications to gain access. Microsoft Exchange Server is a frequent target. Additionally, attackers may buy access from brokers who sell compromised network credentials.

Once inside, the hackers install remote monitoring software like AnyDesk or MeshAgent. This allows them to maintain control over the system. They also use KillAV, a tool that disables antivirus programs, making it easier to spread ransomware.

Another key tactic involves PDQ Deploy, a legitimate tool repurposed to distribute malware. Hackers also use Navicat to manipulate databases and Rclone for data exfiltration. This multi-step approach is meant to maximize damage before ransom demands are issued.

The Growing Ransomware Threat

Medusa follows a double extortion model. First, hackers steal sensitive data. Then, they encrypt systems and threaten to publish stolen information if victims refuse to pay.

Ransoms range from $100,000 to $15 million, making Medusa a significant financial threat. Researchers believe the group is expanding aggressively, aiming for high-value targets across multiple industries.

How to Stay Protected

Organizations must strengthen their cybersecurity defenses. Keeping software updated and patching known vulnerabilities can prevent exploitation. Implementing multi-factor authentication (MFA) adds an extra layer of security.

Employees should be trained to recognize phishing attempts, which often serve as the initial entry point. Regular security audits and network monitoring can help detect suspicious activity early.
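As an added example (not from the report or any vendor), the monitoring idea above can be applied to the dual-use tools named in "How the Attack Works": each is legitimate on its own, so the check alerts only when one host runs tools from two or more stages within a short window. The event format, the image-name fragments, the 24-hour window and the sample events are assumptions constructed for illustration; KillAV is not matched because the article gives no file name for it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Image-name fragments -> stage, using only tools the article names. Substring
# matching is an assumption of this sketch; a renamed binary evades it.
STAGES = {"anydesk": "remote_access", "meshagent": "remote_access",
          "pdqdeploy": "deployment", "navicat": "database",
          "rclone": "exfiltration"}
WINDOW = timedelta(hours=24)  # assumed correlation window


def stage_of(image_path):
    """Return the stage for a Windows or POSIX image path, or None."""
    name = image_path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return next((s for frag, s in STAGES.items() if frag in name), None)


def correlate(events, min_stages=2):
    """Return {host: sorted stages} for hosts showing at least `min_stages`
    distinct stages inside one WINDOW; one tool on its own is not flagged."""
    per_host = defaultdict(list)
    for ts, host, image in events:
        stage = stage_of(image)
        if stage:
            per_host[host].append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in per_host.items():
        best = set()
        for start, _ in hits:  # try a window opening at each hit
            seen = {s for t, s in hits if start <= t <= start + WINDOW}
            best = max(best, seen, key=len)
        if len(best) >= min_stages:
            alerts[host] = sorted(best)
    return alerts


# Constructed sample process-creation events: (timestamp, host, image path).
SAMPLE = [
    ("2025-03-01T09:00:00", "HELPDESK01", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
    ("2025-03-02T01:10:00", "FS02", r"C:\ProgramData\MeshAgent.exe"),
    ("2025-03-02T02:45:00", "FS02", r"C:\Windows\Temp\PDQDeployRunner-1.exe"),
    ("2025-03-02T03:30:00", "FS02", r"C:\Users\Public\rclone.exe"),
    ("2025-03-02T08:00:00", "DBA-WS", r"C:\Program Files\Navicat\navicat.exe"),
    ("2025-03-09T08:00:00", "DBA-WS", r"C:\Tools\rclone.exe"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

On the sample data only FS02 is flagged: the help-desk host runs a single remote-access tool, and the database workstation's two tools are a week apart.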

By adopting strong security measures, businesses can reduce the risk of ransomware attacks. Staying proactive is key to preventing costly breaches and data leaks.
