Medusa Ransomware Surges: Over 40 Attacks in Two Months, Healthcare Hit


In a startling surge, Medusa ransomware has claimed over 40 victims within the first two months of 2025, notably including a confirmed attack on a prominent US healthcare organization. This marks an alarming increase compared to the same period in 2024 when there were significantly fewer recorded attacks. According to Symantec’s threat hunting team, this recent uptick almost doubles the number of Medusa-related incidents observed in the previous year. Since its emergence in early 2023, Medusa ransomware has consistently targeted various sectors, listing nearly 400 victims on its data leak site. However, experts believe the true number of victims is significantly higher, as many organizations choose to pay the ransom without reporting the breach.

Attack Methods and Tactics

Medusa operates as a ransomware-as-a-service (RaaS) orchestrated by a group known as Spearwing. This iteration of Medusa should not be confused with the older MedusaLocker variant. Spearwing employs sophisticated double-extortion tactics, which involve stealing sensitive data before encrypting network files. This tactic compels victims to pay the ransom, fearing the public release of their sensitive information. Spearwing usually gains initial access to networks by exploiting unpatched vulnerabilities in public-facing applications, with Microsoft Exchange Servers a frequent target. Once inside the network, attackers use legitimate tools and sophisticated methods to avoid detection and move laterally within the compromised environment.

Spearwing’s operational toolkit includes remote management software like SimpleHelp or AnyDesk for maintaining persistent access. Tools like PDQ Deploy aid in lateral movement across the network, while techniques such as Bring Your Own Vulnerable Driver (BYOVD) help disable security software. Other utilities like Navicat and RoboCopy are employed for data extraction and exfiltration. Upon executing the ransomware, Medusa adds the .medusa extension to encrypted files and leaves a ransom note titled !READ_ME_MEDUSA!!!.txt. Victims are typically given 10 days to pay the ransom, with the amount increasing by $10,000 each day they seek to extend the deadline.
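The file and tool indicators named above can be combined into a per-host triage. This is an added example, not code from Symantec or this article; the event fields (`host`, `type`, `path`), the keyword list, the threshold and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

RANSOM_NOTE = "!read_me_medusa!!!.txt"   # note name reported in the article
ENCRYPTED_EXT = ".medusa"                 # extension reported in the article
# Keywords derived from the tool names in the article (assumption: binaries
# keep recognisable names; renamed copies need hash or signer checks instead).
DUAL_USE = ("simplehelp", "anydesk", "pdqdeploy", "navicat", "robocopy")

def triage(events, min_encrypted=3):
    """Group events per host and grade each: 'encryption', 'precursor' or 'clean'."""
    hosts = defaultdict(lambda: {"encrypted": 0, "note": False, "tools": set()})
    for ev in events:
        h = hosts[ev["host"]]
        name = PureWindowsPath(ev["path"]).name.lower()
        if ev["type"] == "file_create":
            if name == RANSOM_NOTE:
                h["note"] = True
            elif name.endswith(ENCRYPTED_EXT):
                h["encrypted"] += 1
        elif ev["type"] == "process_start":
            h["tools"].update(k for k in DUAL_USE if k in name)
    report = {}
    for host, h in hosts.items():
        if h["note"] or h["encrypted"] >= min_encrypted:
            verdict = "encryption"
        elif h["tools"]:
            verdict = "precursor"   # legitimate tools: compare to the host's baseline
        else:
            verdict = "clean"
        report[host] = (verdict, sorted(h["tools"]))
    return report

# Constructed sample events (not taken from any real incident).
SAMPLE = [
    {"host": "ws-01", "type": "process_start", "path": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
    {"host": "ws-01", "type": "process_start", "path": r"C:\Windows\System32\Robocopy.exe"},
    {"host": "ws-01", "type": "file_create", "path": r"D:\Share\q1.xlsx.medusa"},
    {"host": "ws-01", "type": "file_create", "path": r"D:\Share\!READ_ME_MEDUSA!!!.txt"},
    {"host": "ws-02", "type": "process_start", "path": r"C:\Tools\navicat.exe"},
    {"host": "ws-03", "type": "file_create", "path": r"C:\Users\a\notes.txt"},
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE).items()):
        print(host, result)
```

Because the remote-management and copy tools are legitimate software, a "precursor" verdict is only meaningful against a baseline of where those tools are expected to run.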

Impact on Healthcare and Other Victims

In January 2025, one significant attack targeted an unnamed US healthcare organization, affecting hundreds of devices across its network. Attackers reportedly remained active on the network for four days, exhibiting a deliberate strategy to identify valuable data. This attack underscored a trend of increased dwell time, allowing attackers to maximize the value of the data they exfiltrate. Medusa’s capability to delete itself from victim systems post-ransom execution has further complicated investigation efforts, making it exceptionally challenging for cybersecurity teams to trace and study the attack in detail.

Comparitech, a consumer website, reported that out of 959 confirmed ransomware attacks in February 2025, seven targeted healthcare organizations. Medusa was responsible for three of these incidents, including attacks on SimonMed Imaging in the US, Bell Ambulance in Wisconsin, and HCRG Care Group in the UK. Each of these incidents involved varying ransom demands and data theft claims, highlighting Medusa’s adaptability and relentlessness in its operations. The healthcare sector appears particularly vulnerable due to the critical nature of its services and the sensitivity of the data handled, making it a lucrative target for ransomware groups.

Cybersecurity Community’s Response

In response to the dramatic rise of Medusa ransomware attacks, the cybersecurity community has ramped up efforts to counter and mitigate the threats posed by such malicious software. Industry experts emphasize the importance of robust security measures, proactive vulnerability management, and increased awareness among organizations to avoid becoming victims. Collaboration among international cybersecurity teams and law enforcement agencies is also critical in tracking down and dismantling ransomware groups like Spearwing. As the threat of Medusa ransomware continues to grow, it serves as a stark reminder of the ever-evolving landscape of cyber threats and the ongoing need for vigilance and preparedness in defending against them.
