
Meduza (MedusaLocker) Ransomware

Meduza is a ransomware threat whose primary objective is to encrypt files stored on a victim's computer or network. To accomplish this, Meduza uses a strong encryption algorithm to lock the contents of the affected files. As part of its encryption process, it appends a distinct file extension, '.meduza24,' to each original filename. Additionally, the Meduza ransomware leaves behind a ransom note named 'How_to_back_files.html' to communicate with the victim.

For instance, when Meduza encrypts files, it alters their names in the following manner: '1.jpg' becomes '1.jpg.meduza24,' '2.png' becomes '2.png.meduza24,' and so on. This specific strain belongs to the larger MedusaLocker family of malware, which is known for its encryption-based extortion tactics.

Victims of the Meduza Ransomware will Lose Access to Their Files and Data

The ransom note is the attackers' primary communication with the victim. It informs them that their important files have been encrypted using the RSA and AES encryption algorithms. The note strongly advises against any attempt to restore these files with third-party software, warning that such actions could result in irreversible damage. The perpetrators also discourage any modification or renaming of the encrypted files.

To assert their control, the cybercriminals claim that no publicly available software on the internet can decrypt the files, and that only the attackers hold the key to restoring the impacted data. In addition, the note states that the attackers have collected highly sensitive and personal data, which is stored on a private server. They promise that this data will be permanently deleted once the demanded ransom is paid; refusal to pay, however, will result in the public release or resale of the compromised data.

The note attempts to clarify the attackers' motivations, emphasizing that their sole objective is financial gain and not to tarnish the victim's reputation or disrupt their business operations. To demonstrate their willingness to cooperate, the attackers offer to decrypt 2-3 less important files free of charge upon request.

Contact information for initiating negotiations and obtaining the decryption software is provided through two distinct email addresses (ithelp01@securitymy.name and ithelp01@yousheltered.com). The note also advises the creation of a new, anonymous email account on protonmail.com to establish contact, presumably to maintain a level of anonymity.

A stringent deadline of 72 hours is imposed, with the ransom amount escalating if the victim fails to establish contact within this narrow timeframe. Additionally, a reference to Tor-chat is included as another option for ongoing communication.
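A defender-side triage script that walks a directory tree for the indicators described above (the '.meduza24' extension, the 'How_to_back_files.html' note and the two contact addresses), recovers the original filenames and counts hits per folder. This is an added example written for this page, not code from the original write-up or from any vendor tool; the sample files it scans are constructed in a temporary directory.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MEDUZA_EXT = ".meduza24"  # extension appended to encrypted files, per the write-up
RANSOM_NOTE = "How_to_back_files.html"  # ransom note filename, per the write-up
NOTE_MARKERS = ("ithelp01@securitymy.name", "ithelp01@yousheltered.com",
                "YOUR COMPANY NETWORK HAS BEEN PENETRATED")  # strings quoted in the note

def original_name(name):
    """Recover the pre-encryption name ('1.jpg.meduza24' -> '1.jpg'), else None."""
    if name.endswith(MEDUZA_EXT) and len(name) > len(MEDUZA_EXT):
        return name[: -len(MEDUZA_EXT)]
    return None

def looks_like_meduza_note(text):
    """A note body matches if it carries any marker quoted in the write-up."""
    return any(marker in text for marker in NOTE_MARKERS)

def scan_tree(root):
    """Walk root; list encrypted files (with original names) and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            orig = original_name(fn)
            if orig is not None:
                encrypted.append((full, orig))
            elif fn == RANSOM_NOTE:
                body = Path(full).read_text(errors="replace")
                notes.append((full, looks_like_meduza_note(body)))
    per_dir = Counter(os.path.dirname(p) for p, _ in encrypted)  # hits per folder
    return {"encrypted": encrypted, "notes": notes, "per_dir": dict(per_dir)}

def build_sample_tree(root):
    """Constructed sample tree: two renamed files, one note, one untouched file."""
    docs = Path(root) / "docs"
    docs.mkdir()
    (docs / "1.jpg.meduza24").write_bytes(b"\x00" * 16)
    (docs / "2.png.meduza24").write_bytes(b"\x00" * 16)
    (docs / RANSOM_NOTE).write_text("email:\nithelp01@securitymy.name\n")
    (Path(root) / "clean.txt").write_text("not touched")

def run_demo():
    """Build the sample tree in a temporary directory, scan it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)
```

Point scan_tree at a mounted image or file share to get a quick list of touched folders and the original names to look for in backups; the per-folder counts help locate where the encryption run started and stopped.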

Take Proactive Actions to Ensure that Your Data is Safe

Ensuring the safety of your data and devices is crucial in today's digital age, where cyber threats are prevalent. To proactively protect your data and devices, consider the following actions:

Regularly Update Software and Firmware: Keep your operating system, applications, and device firmware up to date. Developers release updates to patch security vulnerabilities.

Install and Update Security Software: Install reputable anti-malware software on your devices. Keep these programs updated to defend against the latest threats.

Practice Safe Browsing Habits: Be cautious when clicking on links or downloading files from unexpected sources. Avoid suspicious websites, and use a secure and up-to-date web browser.

Regularly Back Up Your Data: Implement a routine backup strategy for your important files. Back up data to an external drive or a cloud service. Ensure backups are encrypted and password-protected.

Secure Your Wi-Fi Network: Use a strong, unique password for your Wi-Fi network. Enable network encryption (WPA3) and change default router login credentials.

Be Extra Cautious of Phishing Attempts: Stay vigilant against phishing emails and messages. Do not click on suspicious links or provide personal information to unknown sources.

Educate Yourself About Cybersecurity: Stay informed about the latest cybersecurity threats and best practices. Knowledge is a powerful defense.

By following these proactive measures, you can significantly enhance the safety of your data and devices in an increasingly interconnected digital world.

The full text of the ransom note of Meduza Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp01@securitymy.name
ithelp01@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:'
