Medusa attacks Ted Brown Music
Incident Date: April 21, 2024
Overview
Title: Medusa attacks Ted Brown Music
Victim: Ted Brown Music
Attacker: Medusa
Location:
First Reported: April 21, 2024
The Rise of Medusa Ransomware Gang
Background
The Medusa ransomware gang has recently targeted Ted Brown Music, a family-owned music store established in 1931. The attackers have exfiltrated 29.4GB of data and are demanding a ransom within seven days, threatening to publish the data if it is not paid.
Modus Operandi
Medusa, a Ransomware-as-a-Service (RaaS) platform, emerged in the summer of 2021 and has become increasingly active. The group employs tactics such as restarting infected machines in safe mode to evade security software, deleting backups, and disabling recovery options to prevent encryption rollback.
Attack Trends
While attack volumes were inconsistent in the first half of 2023, there was a resurgence of activity in the latter half of the year. Medusa has targeted various industries, with a focus on healthcare, pharmaceutical companies, and public sector organizations. The group typically demands ransoms in the millions of dollars, tailored to the victim's ability to pay.
Double Extortion Scheme
Medusa uses a double extortion scheme, exfiltrating data before encrypting it. However, the group is not especially generous with its affiliates, offering them only up to 60% of the ransom if it is paid.
Prevention Measures
To protect against Medusa and similar threats, organizations should be vigilant against malicious email attachments, torrent websites, and malicious ad libraries. Regularly backing up data and implementing robust cybersecurity measures are essential in mitigating the risk of ransomware attacks.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ lucrative success so far, ransomware has become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging in both financial and informational terms.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.