Cybercriminals are using MedusaLocker ransomware to encrypt the files of victims' computers, according to Bleeping Computer.
MedusaLocker was discovered last month by MalwareHunterTeam. Since that time, MedusaLocker samples have been submitted to ID Ransomware, a MalwareHunterTeam website that enables end users to upload a ransom note or sample encrypted file to identify ransomware used to encrypt data.
How Does MedusaLocker Work?
MedusaLocker performs various startup routines to prepare a computer for encryption, Bleeping Computer reported. It ensures that Windows networks are running and mapped network drives are accessible, identifies and stops security program processes and closes all data files and makes them available for encryption.
MedusaLocker then clears Shadow Volume Copies so that they cannot be used to restore files. It next removes backups made with Windows backup and disables Windows automatic startup repair.
Finally, MedusaLocker creates a ransom note that is placed in each folder that contains encrypted files. MedusaLocker also provides two email addresses to contact for ransom payment instructions.
How to Combat MedusaLocker Attacks
Hackers use MedusaLocker and other ransomware families to attack organizations across all industries, and the U.S. Department of Homeland Security (DHS) recently offered several tips to help organizations combat ransomware attacks, including:
- Back up your computer frequently.
- Store computer backups on external hard drives or other external devices.
- Provide cybersecurity awareness training to employees.
- Patch computers regularly.
- Avoid opening emails and web links from unknown senders.
MSSPs also can provide endpoint detection and response (EDR), security information and event management (SIEM) and other services to help organizations address ransomware attacks. Furthermore, MSSPs can provide organizations with recommendations to improve their security posture.