Ransomware Group: Medusalocker






Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predecessor made use of IRC.


Sites

Title | Available | Last Visit | FQDN | Screenshot
None | 🔴 | 2021-05-01 00:00:00.000000 | qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion | N/A
Ransomware blog – We will not give ourselves a nam | 🟢 | 2024-12-07 05:57:21.092139 | z6wkgghtoawog5noty5nxulmmt2zs7c3yvwr22v4czbffdoly2kl4uad.onion | 📸

External information

Tools used

Discovery RMM Tools Defense Evasion Credential Theft OffSec Networking LOLBAS Exfiltration
Advanced Port Scanner Remote Desktop Plus (RDP+) HRSword Invoke-TheHash Impacket PsExec
SoftPerfect NetScan PCHunter Mimikatz
ProcessHacker

This information is provided by Ransomware-Tool-Matrix


43 Victims

SILKNET COMPANY

Country: GE
Discovery Date: 2024-11-26 21:19

URL: https://silknet.com https://geocell.ge/ On sale: Company email base(about 1tb), Customer data, Company audit for 2023\24 and more than 3tb of data. Price-$800000 There are a lot of corporate data, passports and other information.

Protected: HIDE NAME

Discovery Date: 2024-05-09 02:41

Sector: Not Found
There is no excerpt because this is a protected post.

SHAMASS.ORG

Country: US
Discovery Date: 2024-05-02 14:07
Estimated Attack Date: 2024-04-25

Sector: Not Found
Description: employee information – agreement – customer email(.xls)-.msg outlook files Price-$50000 (sale in one hand there are options for making a profit from these files will be included in the deal)

Protected: HIDE NAME SELL DATA SOON

Discovery Date: 2024-04-26 00:23
Estimated Attack Date: 2024-04-25

Sector: Technology
There is no excerpt because this is a protected post.

Protected: Name is hidden

Discovery Date: 2023-11-29 22:07

There is no excerpt because this is a protected post.

skalar.com

Discovery Date: 2023-11-29 16:13

There is no excerpt because this is a protected post.

Ada-Borup-West School

Discovery Date: 2023-10-23 13:14

Description: employee information – student information – all contracts Price: 35000$

wellons.org

Discovery Date: 2023-10-23 13:14

Description: employee information – agreement – customer email(.xls)- pst files 15+GB all outlook message 2006-2023 year Price: 55000$

Confidential files

Discovery Date: 2023-10-02 14:40

A large number of documents of large companies are available for sale Revenue-$10-$70kk Financial documents, client cases, passports, tax evasion and many other documents are in closed sale, please contact qtox to coordinate the sale

INSULCANA CONTRACTING LTD

Discovery Date: 2023-08-03 11:42
Estimated Attack Date: 2023-07-27

Description: employee information – agreement – customer email(.xls)- passport all canada and other documents Price: 35000$

Protected: INSULCANA CONTRACTING LTD

Discovery Date: 2023-07-27 22:07

There is no excerpt because this is a protected post.

Protected: Hidden name

Discovery Date: 2023-07-17 19:05

There is no excerpt because this is a protected post.

Hoosier Equipment company

Discovery Date: 2023-07-04 22:02

Description: Client Case – agreement – email(.msg)- and other documents Price: 60000$

Ucamco Belgium

Discovery Date: 2023-07-02 11:00

Description: Client Case – customers email-Audit information-There is also access to email for newsletters on behalf of the company PRICE-$80000

reutlingen.ihk.de

Country: DE
Discovery Date: 2023-06-24 02:01
Estimated Attack Date: 2023-06-16

Description: Client Case – agreement – email(.msg)- contracts – and other documents PRICE-$80000

Hausamman company

Discovery Date: 2023-06-24 02:00
Estimated Attack Date: 2023-06-16

Description: Client Case – customers email-documents PRICE-$20000

kafflogistic.hu

Country: HU
Discovery Date: 2023-06-24 02:00
Estimated Attack Date: 2023-06-17

Description: Client Case – agreement – email(outlook files)- contracts – and other documents PRICE-$50000

SELL DATA(qtox) 

Discovery Date: 2023-06-24 01:59
Estimated Attack Date: 2023-06-17

Available for sale: to buy please contact qtox price negotiable qtox-E9CD65687463F67F64937E961DD723DC82C79CB548375AAE8AA4A0698D356C5E7E157B22E8CD


Jalux Americas, Inc.

Discovery Date: 2023-06-14 18:01
Estimated Attack Date: 2021-11-03

Description: Client Case – agreement – email(.msg) – and other documents Price: 160000$ The company failed to take care of the data leak and therefore, many contracts and other documents have been leaked to the Internet. We are also going to provide any documents related to the aforementioned company if any law enforcement agency should request it

arborsct.com

Discovery Date: 2023-06-14 18:00

Description: Client Case – agreement – email(.msg)- and other documents Price: 60000$ One copy will be sold, confidential information The company did not take care of the data leak, and therefore we will sell many contracts, customer data, financial component and other documents in one lot for $ 60,000 for verification in the darknet or bank

Salmon Software

Discovery Date: 2023-06-03 07:55
Estimated Attack Date: 2022-07-11

Description: Client Case – agreement – email(.msg)- passport- and other documents Price: 120000$ Three copies will be sold, confidential information The company failed to take care of the data leak and therefore, many contracts and other documents have been leaked to the Internet. Other: contracts, agreements and other bank checks, we will sell everything in one lot for…

LETAPE JEUNES

Discovery Date: 2023-06-03 07:53
Estimated Attack Date: 2023-06-02

Description: Client Case – agreement – email(.msg)- contracts – and other documents(passports) PRICE-$40000

bsw-architects.com

Discovery Date: 2023-04-11 01:50

Description: Client Case – agreement – email(.msg)- contracts – and other documents PRICE-$80000 There are many projects, agreements and contracts that can be sold separately

DGLEGAL

Discovery Date: 2022-11-15 07:39

emscrm

Discovery Date: 2022-11-15 07:39

MIDAS Company

Discovery Date: 2022-11-15 07:39

AURIS KONINKLIJKE AURIS GROEP

Discovery Date: 2022-11-15 07:39

fidelityunited.ae

Country: AE
Discovery Date: 2022-11-15 07:39

goldcreekfoods

Discovery Date: 2022-11-15 07:39

exheat.com

Discovery Date: 2022-11-15 07:39

hwrpc.com

Discovery Date: 2022-11-15 07:39

tristatefabricators_inc

Discovery Date: 2022-11-15 07:39

atlantisholidays

Discovery Date: 2022-11-15 07:39

archimages inc

Discovery Date: 2022-11-15 07:39

ALTlTUDE AEROSPACE INC

Discovery Date: 2022-11-15 07:39

Fonderia Boccacci

Discovery Date: 2022-11-15 07:39

Zelena Laguna Hotel

Discovery Date: 2022-11-15 07:39

LEGAZPIBANK

Discovery Date: 2022-11-15 07:39

MCCLEAN16 company

Discovery Date: 2022-11-15 07:39

lawtrade company

Discovery Date: 2022-11-15 07:39

Autosoft company

Discovery Date: 2022-11-15 07:39

BIOPLAN

Discovery Date: 2022-11-15 07:39

Dyatech company

Discovery Date: 2022-11-15 07:39