Lazarus Group Turns to Medusa Ransomware in Escalating Global Extortion Campaign
informationsecuritybuzz.com
New evidence indicates that the North Korean state-sponsored Lazarus Group has adopted the infamous Medusa ransomware in its extortion attacks, including those against the healthcare and nonprofit sectors.
The Threat Hunter Team from Symantec and Carbon Black says these attacks have been increasing since Medusa’s launch in 2023 as a “ransomware-as-a-service” (RaaS) tool.
The malware, operated by a cybercrime syndicate named Spearwing, has been used in over 360 known attacks, including against critical sectors, where it encrypts data and threatens to publish the data if a ransom is not paid.
Analysis of Medusa’s leak site indicates that attacks were recently reported against four US healthcare and nonprofit organizations, with unscrupulous actors demanding an average of hundreds of thousands of dollars.
It is not clear which Lazarus group is responsible for the attacks, but the tools used suggest a sophisticated approach to financially motivated attacks.
This is a ...
Copyright of this story solely belongs to informationsecuritybuzz.com.

