"#StopRansomware: MedusaLocker Joint Cybersecurity Advisory"

The Federal Bureau of Investigation (FBI), the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint advisory providing information on MedusaLocker ransomware. MedusaLocker actors primarily rely on vulnerabilities in Remote Desktop Protocol (RDP) to gain access to victims' networks. The threat actors encrypt the victim's data and leave a ransom note with communication instructions in every folder that contains an encrypted file. The note instructs victims to send ransom money to a specific Bitcoin wallet address. Based on the observed split of ransom payments, MedusaLocker appears to operate under a Ransomware-as-a-Service (RaaS) model: affiliates receive 55 to 60 percent of the total, and the developer appears to collect the remaining portion of the ransom payments. As initial infiltration vectors, the threat actors also commonly employ spam and email phishing campaigns in which the ransomware is attached directly to the email. This article continues to discuss key points made in the joint cybersecurity advisory on MedusaLocker ransomware.

HSToday reports "#StopRansomware: MedusaLocker Joint Cybersecurity Advisory"

 

Submitted by Anonymous on