Medusa attacks Matej Bel University

Incident Date:

June 24, 2023

World map

Overview

Title

Medusa attacks Matej Bel University

Victim

Matej Bel University

Attacker

Medusa

Location

Banská Bystrica, Slovakia

, Slovakia

First Reported

June 24, 2023

The Medusa Ransomware Gang's Attack on Matej Bel University

The Medusa ransomware gang has attacked Matej Bel University. Matej Bel University is a public research university in Slovakia. It has 6700 students and was founded in 1992. Medusa posted Matej Bel University to its data leak site on June 24th, claiming to have stolen a “large amount of information and threatening to publish exfiltrated data on June 3rd if the university fails to pay a $500,000 ransom.

The Rise of Medusa

The Medusa gang made its debut in the summer of 2021 and has evolved to be one of the more active RaaS (Ransomware-as-a-Service) platforms in late 2022. The attackers restart infected machines in safe mode to avoid detection by security software as well preventing recovery by deleting local backups, disabling startup recovery options, and deleting shadow copies.

Increased Activity and Ransom Demands

Medusa ramped up attacks in the latter part of 2022 and has been one of the most active groups in the first quarter of 2023. Medusa typically demands ransoms in the millions of dollars, which can vary depending on the target organization’s ability to pay.

Method of Attack

The Medusa ransomware gang (not to be confused with the operators of the earlier MedusaLocker) ransomware typically compromises victim networks through malicious email attachments (macros), torrent websites, or malicious ad libraries. Medusa can terminate over 280 Windows services and processes without command line arguments.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.