MEDUSA RANSOMWARE EXPOSED BY RANSOMEDVC
ID: 7cf2a1f5-7af4-5c20-b6fb-6f389dea1a79
STIX ID: report--7cf2a1f5-7af4-5c20-b6fb-6f389dea1a79
Feed Name: THE RAVEN FILE
Executive summary: A RansomedVC leak released Medusa ransomware group chat transcripts (Dec 2022–Mar 2023). The transcripts reveal affiliate names, an initial-access broker (drumrlu), exploitation of CVE-2022-26134 and other RCEs, tooling (Volatility, GMER), persistence attempts (a Safe Mode service script), targeting patterns (US/Brazil, Fortinet access), and the group's use of a data leak site (DLS) to publish victim data. Together these provide actionable operational details for detection and mitigation.
