Critical Financial Institutions Under Siege: Argentina's Securities Commission Hit by Medusa Ransomware

 


 
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to healthcare providers in its new analyst note regarding the MedusaLocker ransomware, the latest variant used to encrypt healthcare systems. 

Interestingly, although the Medusa operation was launched in June 2021, it initially showed a relatively low level of activity and had few victims. However, the ransomware gang increased its activity in 2023 and launched a blog called the Medusa Blog. This blog was designed to help victims who refused to pay the ransom.

MedusaLocker ranks below some of the more widely known ransomware variants, such as Royal and Clop, which have recently been used against healthcare systems. Even so, it is capable of causing significant damage if left unattended for a long period.

The MedusaLocker ransomware program was first detected in September 2019, and since then healthcare has become one of its primary targets. In particular, the group was able to infiltrate systems by taking advantage of confusion over the COVID-19 pandemic. The group operates on a ransomware-as-a-service (RaaS) model, providing the ransomware to its customers.

There was a huge ransomware attack on the National Securities Commission last Wednesday, resulting in a $100,000 loss. In this case, Medusa gained access to computers on the agency's network. The agency's systems hosted thousands of documents and databases and the hacking group obtained them. In a statement released Sunday afternoon, authorities said the breach was contained. 

The hackers stated that if they did not receive a payment of US$500,000 within a week, they would release 1.5 terabytes of confidential financial information to the public. According to a press release issued by the CNV, the ransomware attack was effectively "isolated and contained" as the public health agency stated that it had prevented the virus from harming any other computers within the organization. 

Medusa has captured several government computers, according to a press release sent out by CNV. In addition, various government websites have been taken down. A report in the publication stated that "the acting protocol helped isolate the computers from anyone outside of the organization." 

After claiming responsibility for an attack on Minneapolis Public Schools (MPS) this week, Medusa was reported to have garnered media attention by sharing a video showing data stolen from the district.

According to the press release, the CNV intends to press charges so that the justice system can investigate what caused the attack and who was responsible.

A ransomware attack occurs when a computer runs programs designed to encrypt files on the victim's machine. As a result of the attack, the files are encrypted, and the attacker asks the victim to pay a ransom in exchange for the key to unlock them.  

First surfacing in June 2021, Medusa ransomware has quickly expanded to target many companies, often demanding ransoms ranging from $10,000 to $1,000,000. Hackers have created a blog where they publish the data of victims who refuse to pay the ransom so that the hacker community can learn about it.

The group threatened to release the stolen CNV information on the platform unless it received US$500,000 from the agency within a week of the theft.

Despite the devastating damage caused by a ransomware attack on Argentina's Securities Commission on Tuesday, authorities have managed to contain the breach and prevent further spread of the malware. The hackers behind Medusa have demanded a ransom of $500,000, threatening to release 1.5 terabytes of financial information publicly if it is not paid.

The commission has taken immediate steps to isolate and protect the system, and it is also laying the groundwork for legal action to identify the perpetrators and bring them to justice. Critical financial institutions need to heighten their cybersecurity measures to combat the increasing threat of ransomware attacks and to prevent data breaches in the near future.