medusa

6 incidents | 2 countries | 4 sectors | ransomware | RU | Latest: 2026-06-25
Aliases: Spearwing
Medusa is a financially motivated ransomware group that first emerged in June 2021 as a closed ransomware variant before transitioning to a Ransomware-as-a-Service (RaaS) model. While affiliates deploy the ransomware, core developers maintain centralized control over crucial operations such as ransom negotiations. The group is assessed with high confidence to be of Russian origin, indicated by its avoidance of targets within Russia and Commonwealth of Independent States (CIS) countries, its activity on Russian-language dark web forums, and the use of Russian slang by its operators. What distinguishes Medusa from many other groups is its aggressive use of public channels, including a public Telegram channel, Facebook profile, and X (formerly Twitter) account under the brand 'OSINT Without Borders,' to exert pressure on victims and enhance its reputation. Medusa also employs a notable triple extortion scheme, demanding an additional ransom even after initial payment, a tactic less common
MITRE techniques
T1078, T1574, T1047, T1566, T1566.001, T1486
Related CVEs
CVE-2026-23760, CVE-2026-1731, CVE-2025-52691, CVE-2025-47176, CVE-2025-47171, CVE-2025-31324

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 5
Unique TTPs: 1
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Observed TTPs

T1566 Phishing

Affected countries

United States (5), Italy (1)

Target countries (SOCRadar)

United Arab Emirates; Antigua and Barbuda; Armenia; Angola; Argentina; Australia; Bosnia and Herzegovina; Bangladesh; Belgium; Bolivia, Plurinational State of

Attacked sectors

Manufacturing (1), Healthcare (2), Public Sector (2), Consumer Services (1)

Target sectors (SOCRadar)

Construction of Buildings; Food Manufacturing; Other Information Services; Credit Unions; Software Publishers; Real Estate; Hospitals; Transportation Equipment Manufacturing; Accommodation; Air Transportation

New URLs detected in IntelTracker

ransomware.anggipradana.com

Victims (5)

MESA Products, 13 Feb 2026
Ransomware, United States, Manufacturing
Summary: A recent ransomware alert has been recorded in relation to MESA Products, a US company specializing in …

Grandview Family Medicine, 8 Feb 2026
Ransomware, United States, Healthcare
Summary: Grandview Family Medicine, a healthcare provider based in Utah, has been the subject of a ransomware alert related to the cyber group…

Comune di Battipaglia, 2 Feb 2026
Ransomware, Italy, Public Sector
Summary: The Comune di Battipaglia, a public administration in the province of Salerno (Campania, Italy), has been affected by a cyberattack…

Balloons Everywhere, 29 Jan 2026
Ransomware, United States, Consumer Services
Summary: A recent ransomware alert has been published relating to Balloons Everywhere, an online distributor that sells product…

South Hays Fire Department, 29 Jan 2026
Ransomware, United States, Public Sector
Summary: The South Hays Fire Department, part of Hays County Emergency Services District 3, has been identified as a possible target of an attack …