North Korea's Lazarus Group targets healthcare orgs with Medusa ransomware

North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters.

The US healthcare attempt failed, while the Middle East organization was hit with the Medusa strain, the researchers said.

Of the nearly 30 victim organizations listed on the Medusa data-leak site since November 2025, four are healthcare and nonprofit organizations in the US, including a mental health nonprofit and an educational facility for autistic children.

"It is unknown if all these victims were targeted by North Korean operatives or if other Medusa affiliates were responsible for some of these attacks," the security sleuths said in a Tuesday report, noting that the ransom demand over the four-month period averaged $260,000. 

Medusa, a ransomware-as-a-service operation ...