Medusa

Medusa Ransomware Made 300 Critical Infrastructure Victims  Medusa was initially operated as a closed ransomware, and, although it is currently using an affiliate model, ransom negotiations are still conducted by the malware developers, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) note in a joint alert. The group engages in double extortion, encrypting victims’ data but also stealing it and threatening to leak it unless a ransom is paid. Medusa’s operators offer payments…