Medusa Ransomware Claims 40+ Victims in 2025, Confirmed Healthcare Attacks
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
Symantec is a cybersecurity brand whose products and research involve malware, endpoint protection, data security, and threat detection.
Search across headline titles and summaries.
Background for this topic.
Symantec is a long-standing cybersecurity brand associated with endpoint protection, antivirus, data loss prevention (DLP), email and web security, and threat intelligence. Its enterprise security business became part of Broadcom, while its consumer security business was separated and later became part of Gen Digital. As a result, news tagged “Symantec” may concern legacy products, enterprise offerings, or historical company activity rather than a single current organization.
For security practitioners, Symantec-related coverage is most relevant to the protection and management of endpoint and data-control systems. These tools often run with elevated privileges and have broad access to files, traffic, and telemetry, so vulnerabilities, weak policy configuration, or delayed updates can create significant attack paths. Administrators should track product support and ownership changes, validate agent coverage and tamper protection, review telemetry handling for privacy and regulatory requirements, and ensure alerts and DLP events feed tested investigation and response processes.
Weekly headline count for the current query.
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack
Symantec data reveals RansomHub claimed more attacks than any other group in Q3 2024
Symantec said Chinese espionage group Daggerfly has updated its malware toolkit as it looks to target Windows, Linux, macOS and Android operating systems
Symantec figures suggest a 9% annual increase claimed ransomware attacks
Symantec highlights distinctive DLL sideloading technique
Symantec explained that the attack leveraged a new variant of Budworm’s SysUpdate backdoor
Symantec says it was used in a failed LockBit attack
Symantec warns of mounting threat to critical infrastructure
Symantec said the new campaign focused on acquiring military and security intelligence
Symantec's Threat Hunter Team said these campaigns have been ongoing for several years
Symantec warns North Korean actors may return for further exploitation
Symantec described the findings today, saying the ongoing campaign likely started in November 2022
According to Symantec, the targeting of a certificate authority was notable
The campaign was disclosed by Symantec and AhnLab but Cisco Talos is now providing more details