The Medusa Ransomware Gang's Attack on Matej Bel University

The Medusa ransomware gang has attacked Matej Bel University. Matej Bel University is a public research university in Slovakia. It has 6700 students and was founded in 1992. Medusa posted Matej Bel University to its data leak site on June 24th, claiming to have stolen a “large amount of information and threatening to publish exfiltrated data on June 3rd if the university fails to pay a $500,000 ransom.

The Rise of Medusa

The Medusa gang made its debut in the summer of 2021 and has evolved to be one of the more active RaaS (Ransomware-as-a-Service) platforms in late 2022. The attackers restart infected machines in safe mode to avoid detection by security software as well preventing recovery by deleting local backups, disabling startup recovery options, and deleting shadow copies.

Increased Activity and Ransom Demands

Medusa ramped up attacks in the latter part of 2022 and has been one of the most active groups in the first quarter of 2023. Medusa typically demands ransoms in the millions of dollars, which can vary depending on the target organization’s ability to pay.

Method of Attack

The Medusa ransomware gang (not to be confused with the operators of the earlier MedusaLocker) ransomware typically compromises victim networks through malicious email attachments (macros), torrent websites, or malicious ad libraries. Medusa can terminate over 280 Windows services and processes without command line arguments.