MedusaLocker (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-02 12:21:53 UTC

A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker avoids executable files, probably to avoid rendering the targeted system unusable for paying the ransom. It uses a combination of AES and RSA-2048, and reportedly appends extensions such as .encrypted, .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker, and .skynet.

2023-11-13 ⋅ Medium shaddy43
    Decrypting the Mystery of MedusaLocker
    MedusaLocker

2023-03-15 ⋅ Cybleinc ⋅ Cyble
    Unmasking MedusaLocker Ransomware
    MedusaLocker

2023-03-08 ⋅ AhnLab ⋅ ASEC
    GlobeImposter Ransomware Being Distributed with MedusaLocker via RDP
    GlobeImposter MedusaLocker

2022-09-30 ⋅ Cloudsek ⋅ Anandeshwar Unnikrishnan
    Technical Analysis of MedusaLocker Ransomware
    MedusaLocker

2022-08-08 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel
    An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
    Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader

2022-07-01 ⋅ CISA ⋅ CISA, Department of the Treasury (Treasury), FBI, FINCEN
    Alert (AA22-181A): #StopRansomware: MedusaLocker
    MedusaLocker

2022-06-30 ⋅ CISA ⋅ CISA, Department of the Treasury (Treasury), FBI, FINCEN
    CSA (AA22-181A): #StopRansomware: MedusaLocker
    MedusaLocker

2022-01-19 ⋅ Mandiant ⋅ Adrian Sanchez Hernandez, Ervin James Ocampo, Paul Tarter
    One Source to Rule Them All: Chasing AVADDON Ransomware
    BlackMatter Avaddon BlackMatter MedusaLocker SystemBC ThunderX

2021-05-10 ⋅ DarkTracer ⋅ DarkTracer
    Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
    RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
    2021 Global Threat Report
    RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER

2020-12-10 ⋅ US-CERT ⋅ FBI, MS-ISAC, US-CERT
    Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
    PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus

2020-11-19 ⋅ Cybereason ⋅ Assaf Dahan, Tom Fakterman
    Cybereason vs. MedusaLocker Ransomware
    MedusaLocker

2020-10-06 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
    Double Trouble: Ransomware with Data Leak Extortion, Part 2
    Maze MedusaLocker REvil VIKING SPIDER

2020-09-25 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
    Double Trouble: Ransomware with Data Leak Extortion, Part 1
    DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker MIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER

2020-09-24 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
    Double Trouble: Ransomware with Data Leak Extortion, Part 1
    DoppelPaymer Gandcrab LockBit Maze MedusaLocker RagnarLocker SamSam OUTLAW SPIDER OVERLORD SPIDER

2020-08-25 ⋅ KELA ⋅ Victoria Kivilevich
    How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
    Avaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil Sekhmet

2020-08-06 ⋅ Theta ⋅ Hamish Krebs
    Part 3: analysing MedusaLocker ransomware
    MedusaLocker

2020-08-05 ⋅ Theta ⋅ Hamish Krebs
    Part 2: Analysing MedusaLocker ransomware
    MedusaLocker

2020-08-04 ⋅ Theta ⋅ Hamish Krebs
    Part 1: analysing MedusaLocker ransomware
    MedusaLocker

2020-06-03 ⋅ VMWare Carbon Black ⋅ Brian Baskin
    Medusa Locker Ransomware
    MedusaLocker

2020-04-28 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team
    Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
    LockBit Mailto Maze MedusaLocker Paradise RagnarLocker REvil RobinHood

2020-04-23 ⋅ Cisco Talos ⋅ Amit Raut, Edmund Brumaghin
    Threat Spotlight: MedusaLocker
    MedusaLocker

2020-01-17 ⋅ Secureworks ⋅ Keita Yamazaki, Tamada Kiyotaka, You Nakatsuru
    Is It Wrong to Try to Find APT Techniques in Ransomware Attack?
    Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware

2020-01-09 ⋅ ID Ransomware ⋅ Andrew Ivanov
    Ako, MedusaReborn
    MedusaLocker

2020-01-09 ⋅ Twitter (@siri_urz) ⋅ Twitter (@siri_urz)
    Tweet on AKO Ransomware
    MedusaLocker

2020-01-01 ⋅ Blackberry ⋅ Blackberry Research
    State of Ransomware
    Maze MedusaLocker Nefilim Phobos REvil Ryuk STOP

2019-11-05 ⋅ Dissecting Malware ⋅ Marius Genheimer
    Try not to stare - MedusaLocker at a glance
    MedusaLocker

2019-10-15 ⋅ Andrew Ivanov
    MedusaLocker Ransomware
    MedusaLocker

[TLP:WHITE] win_medusalocker_auto (20251219 | Detects win.medusalocker.)

Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.medusalocker