MEDUSA Ransomware Infected 93-Year-Old Company

By Bogdan Pătru . 21 April 2024

Tech Writer

Fact-Checked this

MEDUSA operators announced that they had just breached Ted Brown Music, a US-based music store with almost a century of existence. According to the original post, the company has 95 employees and is a family-owned and operated business.

The total amount of the leaked data is allegedly around 29.4 GB, but hackers haven’t disclosed the content of it
Ted Brown Music hasn’t commented on the incident, so it’s unclear if they’ve decided to negotiate or ignore the hackers
MEDUSA is known to demand high ransoms and employ a ruthless encryption tool
Ransomware attacks are on an upward trend after falling dramatically in intensity over the past 5 years

MEDUSA’s tactics and MOs have changed gradually over time, along with the gang’s activity levels. The now-infamous ransomware actor first hit the public sphere in 2022, but it only gained global notoriety a year later.

The hackers advertise their software as a RaaS (Ransomware-as-a-service), allowing them to rely on affiliates and third-party entities to carry out some of the attacks. This tactic brings in profits with minimal risks and almost no effort.

X showing the MEDUSA attack on Ted Brown Music — https://twitter.com/FalconFeedsio/status/1781963584882278820

MEDUSA operates based on a multi-extortion strategy, which is an upgrade from their simple extortion practices during their first few months of activity. The double-extortion method refers to the hackers both employing an encryption tool and stealing data.

The victim is then forced to negotiate for both, which naturally increases the value of the ransom. But how effective is MEDUSA, and should you be worried?

Why MEDUSA Ransomware is a Global Concern

In short, yes, you should be worried about it. The MEDUSA gang took its time to develop its code, tactics, and strategy accordingly, so that, today:

They employ high-end stealth and diversion tactics
They target and breach even high-value targets with top security
They use legitimate software for malicious purposes
They are notoriously difficult to track and flag accordingly

Another interesting feature that most ransomware actors don’t have is the multi-payment option. MEDUSA’s victims have several payment options at their disposal, in case they want to:

Extend the time limit by a day
Download the stolen data
Ask for the deletion of the data

The 1-day extension is typically $10,000, but the value of the other 2 options varies, depending on the victim’s profile. These can range from $10,000 to $500,000 or more.

More importantly, the MEDUSA hackers don’t necessarily target high-profile institutions. Instead, they go for high-value ones that pack serious revenue. The hackers always follow the money, which is a reason for concern for everybody, regardless of their status.

If you believe you fit the profile of a potential victim, you need to act sooner rather than later. Nothing beats prevention in terms of safety, especially when we’re talking about a ransomware gang as effective and versatile as MEDUSA.

The problem is that boosting your cyber defenses optimally on your own is, at best, unlikely. Which is why it’s typically recommended to rely on cybersecurity experts for that.

Also, make sure you educate your staff, and yourself, with respect to the potential dangers coming with using even legitimate software and platforms.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

MEDUSA Ransomware Infected 93-Year-Old Company

Why MEDUSA Ransomware is a Global Concern

Our Mission

Bogdan Pătru

Leave a Comment Cancel