MedusaLocker Ransomware: Here’s What MSSPs Need to Know – MSSP Alert

by Dan Kobialka Oct 25, 2019

Cybercriminals are using MedusaLocker ransomware to encrypt files on victims' computers, according to Bleeping Computer.

MedusaLocker was discovered last month by MalwareHunterTeam. Since that time, MedusaLocker samples have been submitted to ID Ransomware, a MalwareHunterTeam website that enables end users to upload a ransom note or sample encrypted file to identify ransomware used to encrypt data.

MedusaLocker performs various startup routines to prepare a computer for encryption, Bleeping Computer reported. It ensures that Windows networks are running and mapped network drives are accessible, identifies and stops security program processes, and closes all data files to make them available for encryption.

MedusaLocker then clears Shadow Volume Copies so that they cannot be used to restore files. It next removes backups made with Windows backup and disables Windows automatic startup repair.

Finally, MedusaLocker creates a ransom note that is placed in each folder that contains encrypted files. MedusaLocker also provides two email addresses to contact for ransom payment instructions.
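A SIEM or EDR rule can key on the recovery-inhibiting steps described above (clearing shadow copies, removing Windows backups, disabling startup repair). The following is an added example, not code from the original article or from Bleeping Computer's analysis; it flags hosts that perform two or more of those actions within a short window. The command-line patterns, host names and events are assumptions constructed for illustration, since the article names no specific commands.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed patterns: standard Windows utilities that can perform the three
# recovery-inhibiting actions described above. The article names no commands.
RULES = {
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "backup_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(systemstatebackup|catalog|backup)\b", re.I),
    "startup_repair_off": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}
WINDOW = timedelta(minutes=5)

# Constructed process-creation events: (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("WS-014", "2019-10-25T09:14:02", "vssadmin.exe Delete Shadows /All /Quiet"),
    ("WS-014", "2019-10-25T09:14:03", "wbadmin DELETE SYSTEMSTATEBACKUP"),
    ("WS-014", "2019-10-25T09:14:05", "bcdedit.exe /set {default} recoveryenabled No"),
    ("SRV-02", "2019-10-25T10:00:00", "vssadmin.exe list shadows"),
    ("SRV-02", "2019-10-25T10:30:00", "wbadmin delete backup -keepVersions:3"),
    ("WS-020", "2019-10-25T11:00:00", "vssadmin delete shadows /for=C: /oldest"),
    ("WS-020", "2019-10-25T15:00:00", "bcdedit /set {default} recoveryenabled no"),
]

def classify(cmdline):
    """Return the name of the rule matching a command line, or None."""
    return next((n for n, p in RULES.items() if p.search(cmdline)), None)

def detect(events, min_actions=2, window=WINDOW):
    """Return {host: sorted distinct actions} for hosts that ran at least
    min_actions different recovery-inhibiting actions within the window."""
    hits = defaultdict(list)
    for host, ts, cmdline in events:
        action = classify(cmdline)
        if action:
            hits[host].append((datetime.fromisoformat(ts), action))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            actions = {a for t, a in seen[i:] if t - start <= window}
            if len(actions) >= min_actions:
                alerts[host] = sorted(actions)
                break
    return alerts

if __name__ == "__main__":
    for host, actions in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(actions)}")
```

Requiring two distinct actions close together keeps routine administration, such as a scheduled backup prune on SRV-02 or unrelated maintenance hours apart on WS-020, from raising an alert.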

Hackers use MedusaLocker and other ransomware families to attack organizations across all industries, and the U.S. Department of Homeland Security (DHS) recently offered several tips to help organizations combat ransomware attacks, including:

MSSPs also can provide endpoint detection and response (EDR), security information and event management (SIEM) and other services to help organizations address ransomware attacks. Furthermore, MSSPs can provide organizations with recommendations to improve their security posture.
