Medusa Ransomware Unleashes New Tactics: Data Sale, Time Extension, and AI Threats


    In the ever-evolving landscape of cyber threats, Medusa Ransomware has taken a bold step by launching a dedicated blog to publish victim details, offering a chilling one-click data sale for $10,000. This notorious group, distinct from Medusa Locker malware, has introduced innovative strategies, including time extension schemes and data deletion services, all priced at $10,000.

    One-Click Data Sale:

    Medusa Ransomware has set a new precedent by enabling interested parties to purchase victim data effortlessly. For a flat fee of $10,000, potential buyers can access sensitive information instantly, reinforcing the audacity and ruthlessness of this cyber-criminal group.

    Time Extension Scheme:

    In an unprecedented move, Medusa Ransomware has implemented a time extension scheme for a fee of $10,000. This allows victims more time to gather the ransom payment. The introduction of such a scheme adds a layer of complexity to the already harrowing experience for targeted organizations.

    Data Deletion Services:

    Another alarming facet of Medusa’s operations is its data deletion services, also priced at $10,000. Victims, seeking assurance that their stolen data will be permanently erased, are confronted with an additional financial burden. This dual pricing strategy emphasizes the criminal group’s commitment to maximizing profits while inflicting considerable damage on their victims.

    Targets and Tactics:

    Palo Alto Networks owned Unit 42, in a comprehensive report, revealed that Medusa Ransomware targeted 72 organizations in 2023. Primarily focusing on disrupting computer networks, the group honed in on companies operating in Spain, Italy, France, the UK, the United States, and the Indian sub-continent. Notably, healthcare, technology, and education sectors emerged as prime targets.

    Distinctive Features:

    Medusa Ransomware stands out as the first group to automatically offer data wiping services from its servers upon completion of the ransom payment. This distinctive feature underscores the group’s efficiency and commitment to maintaining a menacing reputation in the cyber-criminal underworld.

    Law Enforcement and FBI Advisory:

    In response to such threats, the FBI strongly advises victims against paying ransoms, emphasizing that it only fuels criminal activities. The recommended course of action is to recover encrypted data from backups. In cases where data theft occurs, law enforcement suggests a cautious approach, recommending payment for data deletion only if assurance is provided regarding the removal of the victim’s information from criminal servers.

    Future Threats:
    Security researchers from Unit 42 caution that Medusa Ransomware may soon incorporate AI technology to intensify and sophisticate its attacks. This could involve threats such as automatic data deletion if a specified ransom amount is not paid within a stipulated time-frame, leaving victims with limited options.


    The rise of Medusa Ransomware showcases the ever-growing sophistication of cyber threats. As organizations grapple with these evolving tactics, it becomes imperative for the cybersecurity community and law enforcement agencies to collaborate in developing robust strategies to counteract such malicious endeavors and protect potential victims from falling prey to these digital extortion schemes.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display