Medusa Ransomware

MITRE
Tipo Malware:
Other
Prima attivita:
Unknown
Ultima attivita:
Unknown
Dettagli:

[Medusa Ransomware](https://attack.mitre.org/software/S1244) has been utilized in attacks since at least 2021. [Medusa Ransomware](https://attack.mitre.org/software/S1244) has been known to be utilized in conjunction with living off the land techniques and remote management software. [Medusa Ransomware](https://attack.mitre.org/software/S1244) has been used in campaigns associated with “double extortion” ransomware activity, where data is exfiltrated from victim environments prior to encryption, with threats to publish files if a ransom is not paid. [Medusa Ransomware](https://attack.mitre.org/software/S1244) software was initially a closed ransomware variant which later evolved to a Ransomware as a Service (RaaS). [Medusa Ransomware](https://attack.mitre.org/software/S1244) has impacted victims from a diverse range of sectors within a multitude of countries, and it is assessed [Medusa Ransomware](https://attack.mitre.org/software/S1244) is used in an opportunistic manner.(Citation: CISA Medusa Group Medusa Ransomware March 2025)(Citation: Security Scorecard Medusa Ransomware January 2024)(Citation: Palo Alto Unit 42 Medusa Group Medusa Ransomware January 2024)(Citation: Broadcom Medusa Ransomware Medusa Group March 2025)

Tecniche Associate (22)
ID ATT&CK Tattiche
T1007 System Service Discovery -
T1027.013 Encrypted/Encoded File -
T1057 Process Discovery -
T1059.001 PowerShell -
T1059.003 Windows Command Shell -
T1070.004 File Deletion -
T1082 System Information Discovery -
T1083 File and Directory Discovery -
T1106 Native API -
T1124 System Time Discovery -
T1135 Network Share Discovery -
T1140 Deobfuscate/Decode Files or Information -
T1486 Data Encrypted for Impact -
T1489 Service Stop -
T1490 Inhibit System Recovery -
Usato da Attori (1)
Medusa Group
Unknown
Metadata
ID: 102
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00