MedusaRansomware

Medusa ransomware uses AES+RSA hybrid encryption. It encrypts files with the Windows CNG BCryptEncrypt API and protects the AES key with the RSA public key. It stops the Veeam (VEEAMSQL2008R2), Windows Backup Engine (wbengine), and Zoolz cloud backup services. It performs double extortion, threatening to leak the stolen data.

Also Known As: MedusaLocker

Threat Profile
Type: Ransomware
Programming Language: C++
C2 Protocol:
First Seen: 2021
Targets: Windows
Purpose / Capabilities
  • Critical infrastructure ransomware
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

MedusaRansomware 2e62a782 -- CMedusaCrypt BCryptEncrypt RSA DoubleExtortion VeeamKill WBEngine Zoolz PDB-GazeRelease TOR-Decrypt | Critical

MedusaRansomware 2e62a782 PE32 310KB. .?AVCMedusaCrypt@@ BCryptEncrypt+RSA. Double extortion. Veeam/WBEngine/Zoolz kill. PDB: G:\Medusa\Release\gaze.pdb.
