Medusa attacks Ted Brown Music

Incident Date: April 21, 2024


Overview

Title: Medusa attacks Ted Brown Music
Victim: Ted Brown Music
Attacker: Medusa
Location: Tacoma, USA; Washington, USA
First Reported: April 21, 2024

The Rise of Medusa Ransomware Gang

Background

The Medusa ransomware gang has recently targeted Ted Brown Music, a family-owned music store established in 1931. The attackers have exfiltrated 29.4 GB of data and are demanding a ransom within seven days, threatening to publish the information if it is not paid.

Modus Operandi

Medusa, a Ransomware-as-a-Service (RaaS) platform, emerged in the summer of 2021 and has become increasingly active. The group employs tactics such as restarting infected machines in safe mode to evade security software, deleting backups, and disabling recovery options to prevent encryption rollback.

Attack Trends

While attack volumes were inconsistent in the first half of 2023, there was a resurgence of activity in the latter half of the year. Medusa has targeted various industries, with a focus on healthcare, pharmaceutical companies, and public sector organizations. The group typically demands ransoms in the millions of dollars, tailored to the victim's ability to pay.

Double Extortion Scheme

Medusa uses a double extortion scheme, exfiltrating data before encrypting it. The group is not especially generous with its affiliate attackers, offering them only up to 60% of the ransom if it is paid.

Prevention Measures

To protect against Medusa and similar threats, organizations should be vigilant against malicious email attachments, torrent websites, and malicious ad libraries. Regularly backing up data and implementing robust cybersecurity measures are essential in mitigating the risk of ransomware attacks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.