The Cybersecurity and Infrastructure Security Agency has issued a new advisory about ransomware group MedusaLocker that is responsible for attacking a broad range of U.S. targets.
Four things to know:
- MedusaLocker was first detected in September 2019. The group is known for encrypting its victims' data then demanding ransom payments.
- The group operates as a ransomware-as-a-service operation, where affiliates are recruited to conduct the attacks in exchange for 55 to 60 percent of any ransom payments they generate.
- MedusaLocker is known for gaining access to devices using vulnerable remote desktop protocol configurations, email phishing attacks and spam email attacks.
- The size of MedusaLocker ransom demands varies depending on the victim's financial status as perceived by the group.
The advisory recommended organizations protect themselves by patching their systems' known exploited vulnerabilities, enforcing multifactor authentication, securing and monitoring remote desktop protocol and other risky services, and providing awareness and training.