A survey by Palo Alto Networks revealed that Medusa ransomware impacted 74 organisations worldwide in 2023, where technology, education, and manufacturing sectors topped the list.
Ever-evolving technologies are an open ground for malicious actors to impede organisational operations with cyber vulnerabilities. Medusa ransomware attacks are one of them. Deployed and operated by human attackers, Medusa is malicious software that encrypts and locks a victim’s files, further demanding payment in exchange for a decryption key. These cyber thefts are difficult to identify and are harmful to organisations, leading to irreversible loss.
In fact, a survey by Palo Alto Networks revealed that Medusa ransomware impacted 74 organisations worldwide in 2023, where technology, education, and manufacturing sectors topped the list. Here are a few tactics that Ransomware-as-a-service providers are leveraging, eventually leading to downtime within organisations.
How are Medusa ransomware groups exploiting organisational data?
Medusa Ransomware groups utilise legitimate software for sinister activities, further blending with regular behavioural data patterns, making it difficult to rectify irregularities. For instance, they implement various living-off-the-land techniques to hijack legitimate accounts, such as:
- The operators offer victims various ransom payment options when their data is posted on their DLS. For example, a standard fee for a time extension to prevent data from being published on their blog is $10,000.
- The group uses a public Telegram channel named “information support,” where files of compromised organisations are shared and are more accessible than traditional onion sites.
Also Read: A Three-phase Strategy for Defending Against Ransomware Attacks
What actions should be taken to prevent Medusa Ransomware incidents?
With Medusa ransomware standing as a significant threat to organisations, the researchers of Palo Alto Networks revealed a few proactive defence mechanisms against them. Enlisted below are a few strategies the cybersecurity teams need to implement as a wall against Ransomware-as-service providers:
- Regularly reviewing and updating the advanced machine learning models and analysis techniques
- Integration of out-of-the-box XDR agents that use an anti-ransomware module to prevent Medusa encryption behaviours on Windows. For instance, the implementation of the Behavioral Threat Protection (BTP) rule to avoid ransomware activity on Windows as well as Linux
- Incorporation of next-generation firewalls to detect and block the malware in URL Filtering by using DNS signatures
- Monitoring Window-based VMs(Virtual Machines) by using XDR cloud agents and Cloud Defender agents
- Detecting vulnerable services exposed directly to the internet that may be exploitable and infected with Medusa ransomware.
Wrapping it up, malicious actors will continue to execute out-of-the-box tactics to harm the organisational data. All that the cybersecurity response team needs to do is the implementation of robust strategies to fight against them. Incorporation of next-generation firewalls, and anti-ransomware modules are some of the possible solutions.