EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • The CISA Publishes a Report on the Medusa Ransomware Gang
    • Home
    • Cybercrime
    • The CISA Publishes a Report on the Medusa Ransomware Gang

    The CISA Publishes a Report on the Medusa Ransomware Gang

    Written by
    The Editorial Team
    03.13.25
    Cybercrime
    01
    MIN
    The CISA Publishes a Report on the Medusa Ransomware Gang
    The CISA Publishes a Report on the Medusa Ransomware Gang
    The CISA Publishes a Report on the Medusa Ransomware Gang
    Image According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Cybercrime
    06.08.26 Cybercrime
    Next article
    According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Read
    02
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Cybercrime
    05.25.26 Cybercrime
    Next article
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    Image Arrest of Canadian man suspected of running the KimWolf botnet
    Cybercrime
    05.25.26 Cybercrime
    Next article
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    Active since 2021, the cybercriminal group has targeted over 300 critical entities worldwide, including municipalities in France.

    The CISA, the U.S. equivalent of France’s Anssi, and the FBI published a report on March 12, 2025, about the Medusa ransomware gang. Emerging in 2021, the cybercriminal group has attacked at least 300 critical entities worldwide, including numerous public organizations.

    Medusa notably hacked educational institutions in Minneapolis in 2023, exposing sensitive information on more than 100,000 students. The gang has also targeted municipalities in France, public organizations in Illinois and Texas, government agencies in the Philippines, state IT systems in Tonga, and a technology company in Canada.

    Initially operating as a closed group, Medusa later transitioned to a Ransomware-as-a-Service (RaaS) model, involving affiliates. According to the report, the gang’s attacks are “relatively basic” and rely on phishing, exploiting unpatched vulnerabilities, or using initial access brokers.

    Medusa typically contacts its victims immediately after an attack, giving them 48 hours to pay a ransom. After this period, gang negotiators often reach out to the targeted entity’s executives to persuade them to comply with the ransom demand.

    The Editorial Team
    03.13.25
    Articles by the same author:
    1
    06.15.26 Cyber +
    Meta removes facial recognition features from its smart glasses
    Read
    01
    MIN
    2
    06.14.26 Digital Sovereignty
    The new draft European regulation includes a four-level classification system, very close to provisions removed in 2024 from the EUCS certification.
    Read
    02
    MIN
    3
    06.14.26 Cybercrime
    A Cyberattack Forces a British Secondary School to Close
    Read
    01
    MIN
    4
    06.10.26 Cyber +
    Canada: Artificial Intelligence as a Pillar of Digital Sovereignty
    Read
    02
    MIN
    Image According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Cybercrime
    06.08.26 Cybercrime
    Next article
    According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Read
    02
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Cybercrime
    05.25.26 Cybercrime
    Next article
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    Image Arrest of Canadian man suspected of running the KimWolf botnet
    Cybercrime
    05.25.26 Cybercrime
    Next article
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.