
Medusa Ransomware Group Takes Ownership for Cyber-attack on Canadian Psychological Association

The recent incident points out the rising risk posed by threat actors demanding confidential data from enterprises.


The Canadian Psychological Association (CPA), the main official body for psychologists in Canada, is said to have been the target of a cyberattack by the infamous Medusa ransomware group. 

The CPA, founded in 1939 and registered under the Canada Corporations Act in May 1950, is now dealing with the fallout from this breach.

The cyberattack on the Canadian Psychological Association

Medusa, a well-known threat actor, has claimed responsibility for the CPA attack. On its dark web leak site, "MEDUSA BLOG," the gang published details of the Canadian Psychological Association data breach alongside a countdown timer intended to pressure the victim.

The group has set deadlines and prices: $10,000 to postpone publication of the stolen data by one day, and $200,000 to have the data deleted outright. Deletion is only the group's promise; nothing prevents the data from resurfacing later.

The CPA has yet to publish an official comment or statement in response to the Canadian Psychological Association data leak.

Victims of Medusa Ransomware group

The attack on the CPA is not an isolated incident. The Minneapolis Public Schools (MPS) district suffered a large ransomware attack in which highly sensitive data about students and teachers, including abuse complaints and psychological reports, was published on the internet.

MPS declined to pay a $1 million ransom and restored its encrypted systems from backups. The Medusa gang, however, had not only encrypted the data but also exfiltrated a copy, which it then published on the web and promoted through links on a Telegram channel.

Understanding MedusaLocker ransomware

MedusaLocker ransomware was first observed in September 2019 and mainly targets Windows machines, with spam email as the usual delivery vector. It has some unusual traits, such as rebooting the host into safe mode before it begins encrypting files. Depending on the variant, it is driven by BAT files or PowerShell scripts. Because of the boot configuration changes made by the current version, an infected machine may fail to start normally.

After initial access, MedusaLocker spreads across the network by launching a PowerShell script from a batch file. It stops security and forensic tools, restarts the machine in safe mode to evade detection, and then encrypts files with AES-256. It also disables start-up recovery, deletes local backups, and drops a ransom note in every folder that contains encrypted data.
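The behaviours listed above (safe-mode reboot, disabled start-up recovery, deleted local backups, PowerShell launched from a batch file) each leave a trace in process-creation telemetry. The following detector is an added example written for this post, not code from the article or from any MedusaLocker sample; the command-line patterns and the sample event records are assumptions about how those behaviours typically appear in Windows logs, not indicators taken from this incident.

```python
import re

# Constructed sample process-creation records: (parent image, command line).
# Every line here is made up for illustration; none comes from real telemetry.
SAMPLE_EVENTS = [
    ("explorer.exe", "notepad.exe C:\\Users\\a\\notes.txt"),
    ("cmd.exe", "bcdedit /set {default} safeboot network"),
    ("cmd.exe", "bcdedit /set {default} recoveryenabled no"),
    ("cmd.exe", "vssadmin delete shadows /all /quiet"),
    ("cmd.exe", "powershell -ExecutionPolicy Bypass -w hidden -File C:\\tmp\\run.ps1"),
    ("svchost.exe", "wbadmin get versions"),
]

# One rule per behaviour the article attributes to MedusaLocker. The patterns are
# assumed typical admin-tool invocations for each behaviour, not page-specific IoCs.
RULES = {
    "safe_mode_boot": re.compile(r"bcdedit.*safeboot", re.I),
    "recovery_disabled": re.compile(r"bcdedit.*recoveryenabled\s+no", re.I),
    "shadow_copy_deleted": re.compile(r"vssadmin.*delete\s+shadows|wmic.*shadowcopy\s+delete", re.I),
    "ps_from_batch": re.compile(r"powershell.*(-w(indowstyle)?\s+hidden|-ExecutionPolicy\s+Bypass)", re.I),
}


def match_rules(events):
    """Return {rule_name: [matching command lines]} over (parent, cmdline) records."""
    hits = {}
    for parent, cmd in events:
        for name, pattern in RULES.items():
            # The article's chain runs PowerShell from a .bat, so require cmd.exe as parent.
            if name == "ps_from_batch" and parent.lower() != "cmd.exe":
                continue
            if pattern.search(cmd):
                hits.setdefault(name, []).append(cmd)
    return hits


def should_alert(hits, threshold=2):
    """Any single rule is plausible admin work; two or more distinct behaviours on
    one host is the pre-encryption pattern worth paging on."""
    return len(hits) >= threshold


if __name__ == "__main__":
    found = match_rules(SAMPLE_EVENTS)
    for rule, cmds in found.items():
        print(f"{rule}: {cmds}")
    print("ALERT" if should_alert(found) else "no alert")
```

In a real deployment the records would come from Sysmon Event ID 1 or an EDR process feed, and the window over which `threshold` is counted should be short (minutes) to keep routine maintenance from tripping it.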
