A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker avoids executable files, probably to avoid rendering the targeted system unusable for paying the ransom. It uses a combination of AES and RSA-2048, and reportedly appends extensions such as .encrypted, .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker, and .skynet.
This group has 0 victims. The victim list API is currently responding slowly for this dataset. Country, sector, and infostealer breakdowns are not available at this time. Basic stats (victim count, first/last seen) are shown above from a faster data source.