MEDUSA RANSOMWARE: SETTING STRONG FOOTHOLD
ID: 46f1a877-8e6d-5cce-acdc-a5cfd02a8fe3
STIX ID: report--46f1a877-8e6d-5cce-acdc-a5cfd02a8fe3
Feed Name: THE RAVEN FILE
This report analyzes the Medusa ransomware group (distinct from MedusaLocker), covering its victimology (hundreds of victims, heavy US/English-speaking targeting), infection cycle and exploited CVEs, ransomware internals and post-compromise actions, dark web data-leak site and Tor infrastructure, partnerships for leak dissemination, and a set of IOCs (MD5s, IPs, onion domains, emails) to support detection and hunting.
