Home Ministry Tech Leaders MedusaLocker Malware Wreaking Havoc

MedusaLocker Malware Wreaking Havoc

Adobestock #559690256

First observed in 2019, MedusaLocker (Medusa ransomware) continues to wreak havoc, rearing its ugly head (pun intended!) time and time again as we close out 2023.   Operating as a ransomware-as-a-service (RaaS), MedusaLocker is a notorious strain of malware that employs a double extortion tactic in (1) stealing data before encryption, and then (2) rendering the victim’s data inaccessible until a ransom is paid.

This malicious malware has been causing widespread (time and financial) damage to individuals, churches, businesses, and schools.  Earlier this year, the MedusaLocker gang launched a successful attack on the students, teachers, and staff at the Minneapolis Public School District (MPSD). The widely publicized assault resulted with nearly 100GB of confidential information being illegally uploaded to the web, including allegations of Intelligence tests, abuse by teachers, and psychological reports.

While some features of MedusaLocker have evolved over time (i.e. booting up in safe mode before execution and file encryption), the core goals and impacts remain constant.  MedusaLocker components include:

1. Data loss – loss of important files, documents, and other data upon encryption

  1. Financial loss – encrypted files are offered for a financial ransom, where users are asked to pay steep prices in order to decrypt files that were affected