Palo Alto Networks warn for ransomware group Medusa


Palo Alto Networks researchers see professionalisation of ransomware group Medusa

Victims cynically put on display in new blog on the dark web

UNIT 42, the research branch of cybersecurity leader Palo Alto Networks, sees strong professionalisation of ransomware group Medusa. In 2023, the cybercriminals made 74 victims, most of them in the US and Europe. The hacker collective also recently launched a new blog on the dark web, pressuring victims to tack and pay up.

The hacker group’s website cynically displays the victim’s name, price, time remaining and number of visitors. This extortion technique is unfortunately not uncommon and is increasingly used to put pressure on affected companies, UNIT 42 says.

Example of Medusa blog

Figure 1: example of Medusa blog

Paid services

Moreover, victims can also choose from one of the additional paying services. For a hefty sum, they can, for instance, delay the payment deadline or have their data removed from the website. The latter costs an average of $10,000. Medusa has also launched a Telegram channel where confidential files of the companies are publicly shared with followers.

Promotion video for Medusa

Figure 2: promotion video for Medusa


Medusa may have seen the light at the end of 2022. As notorious ransomware-as-a-service collective, it quickly climbed the ranks of the cybercriminal underworld, mainly by creating victims among Windows users.

The group is renowned for its “living-off-the-land” techniques. In LOTL attacks, criminals use existing programmes (such as password managers) on victims’ devices to carry out attacks, rather than having external malicious software installed. This type of attack is therefore much harder to detect. Cyber criminals can thus dwell on victims’ devices undetected for months.

Download UNIT 42’s report on Medusa here.

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

Published amongst others on Data News and Computable.