Medusa Ransomware Attacks Spread Rapidly due to Exploited Vulnerabilities, Breached Systems


Microsoft Warns Against Medusa Ransomware Group’s Alarming Rise

In a recent report, Microsoft highlighted the rapid growth of the Medusa ransomware group, which has been exploiting vulnerabilities and breaching systems across multiple industries since its inception in June 2021.

The group, identified as Storm-1175 by Microsoft, has demonstrated exceptional speed and agility in its attacks, capitalizing on short windows of opportunity and leveraging newly disclosed vulnerabilities to gain access to sensitive systems.

As a ransomware-as-a-service (RaaS), Medusa has managed to evade detection by exploiting unpatched vulnerabilities and utilizing advanced tactics, techniques, and procedures (TTPs) to maintain persistence and facilitate lateral movement.

According to Microsoft, Medusa has successfully breached over 300 organizations in the critical infrastructure sector by February 2025, with a particular focus on healthcare, education, professional services, and finance sectors in Australia, the United Kingdom, and the United States.

Tactics and Techniques Used by Medusa

  • Exploiting at least 16 vulnerabilities in various software applications, including Microsoft Exchange, PaperCut, and Ivanti Connect Secure and Policy Secure.
  • Weaponizing newly disclosed vulnerabilities almost immediately, such as the exploitation of a NetWeaver bug just one day after its public disclosure.
  • Employing multiple security defects to achieve remote code execution (RCE) on victim systems, often chaining vulnerabilities to gain access to sensitive areas.
  • Targeting Linux systems, including Oracle WebLogic instances, and exploiting at least three zero-day flaws, including CVE-2026-23760 (SmarterMail) and CVE-2025-10035 (GoAnywhere MFT).

Recommendations from Microsoft

To combat the Medusa threat, Microsoft recommends that organizations:

  • Prioritize continuous inventory and monitoring of both internal and external systems to identify exploitable assets and reduce risks.
  • Address the heightened speed and efficiency of these campaigns by maintaining a robust security posture, staying up-to-date with patches and updates, and implementing effective incident response strategies.

According to Microsoft, “Organizations should take proactive measures to prevent and mitigate the effects of ransomware attacks. The Medusa group’s continued evolution and adaptation highlight the importance of vigilance and preparedness in protecting against this emerging threat.”

The report serves as a warning to organizations worldwide, emphasizing the need for proactive measures to prevent and mitigate the effects of ransomware attacks.
