it-daily.net2d
Medusa ransomware attacks escalating in 2025
Procedure of the Medusa hackers. The main route of infection for Medusa ransomware is targeted phishing campaigns.
SecurityWeek5d
Medusa Ransomware Uses Malicious Driver to Disable Security Tools
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
The Hacker News2d
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
RansomHub's EDRKillShifter used in 2024 ransomware by Medusa, BianLian, and Play, revealing cross-gang tool sharing.
TechRadar6d
Medusa ransomware is able to disable anti-malware tools, so be on your guard
Researchers spot Medusa ransomware operators deploying smuol.sys This driver mimics a legitimate CrowdStrike Falcon driver Medusa is actively targeting critical infrastructure organizations ...
SecurityWeek2d
Ransomware Groups Increasingly Adopting EDR Killer Tools
ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.
HHS6d
Medusa Ransomware Brings Its Own Vulnerable Driver
See Also: Expel: Annual Threat Report 2025 "Bring Your Own Vulnerable Driver" is a well-trod method hackers use to disable security tools and the Medusa ransomware operation has apparently taken to it ...
WeLiveSecurity3d
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play.
Ransomware gangs increasingly brandish EDR bypass tools
Ransomware actors are increasingly abusing vulnerable drivers to craft tools known as "EDR killers," which can disrupt and ...
Becker's Hospital Review3d
Feds warn healthcare of ‘double extortion’ ransomware threat
The FBI and other federal authorities are warning healthcare organizations to safeguard against a ransomware group targeting the industry. The Medusa ransomware-as-a-service variant has been used to ...