Medusa Ransomware Claims 40+ Victims in 2025, Confirmed Healthcare Attacks
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
Ransom-related coverage examines extortion demands, data theft, and disruption caused when attackers lock or threaten to expose systems.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malicious software that disrupts access to systems or data, typically by encrypting files, to pressure a victim into paying. Modern campaigns may also steal data and threaten to publish it, making the demand a form of extortion even when encryption is unsuccessful. Common access routes include phishing, exposed remote services, stolen credentials, and unpatched vulnerabilities, though no single route is universal.
Important safeguards include regularly tested, offline or otherwise isolated backups; multifactor authentication and least-privilege access; network segmentation; and timely remediation of known, internet-facing vulnerabilities. During an incident, organizations should isolate affected systems, preserve evidence, identify the scope of compromise, and coordinate recovery and legal or regulatory decisions. Payment does not guarantee data recovery or deletion. Threat intelligence may help identify associated infrastructure or available decryptors, while documented recovery plans reduce dependence on an attacker’s demands.
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024
The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren't made, though none of the organizations that received them had active ransomware attacks.
GuidePoint Security has received reports of multiple organizations receiving ransom letters in the mail
Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. [...]
Committee Witnesses Favor Resilience Over BansThe British government should focus on building operational resilience rather than imposing ransom payment bans, security experts told a parliamentary committee. The British government in January floated a ban on public sector and critical infrastructure owners paying digital extortion.
The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn't seek a ransom payment from its victim.