Medusa Ransomware against Data Privacy: A Comprehensive Study of Ransomware Attacks Across Various Organizations and Strategic Recommendations for Future Prevention

Medusa Ransomware against Data Privacy: A Comprehensive Study of Ransomware Attacks Across Various Organizations and Strategic Recommendations for Future Prevention

연구 분야: Strategies

학회: ICISS '24: Proceedings of the 2024 7th International Conference on Information Science and Systems

Medusa Ransomware was first introduced as a Ransomware-as-a-Service (RaaS) model by late 2022 and has 74 organizations across the spectrum of industries affected to date. Due to its recent emergence, there is currently a limited amount of readily available literature regarding the malware. It poses a significant threat with its unique extortion tactic. This study comprehensively analyzes Medusa's origins, propagation methods, and distinct features, emphasizing its encryption algorithm and global targeting of high-profile organizations. The paper studies the Medusa Group's operational dynamics and exposes the ransomware's attack mechanisms, including Living Off the Land (LOTL) tactics and exploiting vulnerabilities like ProxyShell. It also covers a comprehensive study of real-world cases of Medusa Ransomware, such as the Minneapolis Public School District, PhilHealth, and Toyota Financial Services. The study dissects the severe impact of Medusa on data privacy and organizational functions. Strategic recommendations are provided to strengthen cybersecurity measures further. This research aims to help organizations and individuals defend against Medusa, considering the escalating global cost of data breaches and the growing threat of Medusa Ransomware as a newly introduced menace to the industry.