MedusaLocker ransomware encrypts user data using AES + RSA-2048 and then requires the victim to send an email to purchase the decryption program. The project file is MedusaLocker.pdb, and a "Medusa" section is also created in the registry. There are several variants of MedusaLocker, but their functionality is the same. The only difference is the file extension, which can be .encrypted, .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker or .skynet. Most of its features are those of typical ransomware, but MedusaLocker can also encrypt the contents of mapped network drives that may be present on infected systems. It manipulates Windows functionality to force network drives to be remapped so that their contents can also be encrypted, and it can use ICMP sweeping to profile the network and identify other systems, maximizing the likelihood of a ransom payment.
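A detection sketch for the behaviour described above, added here as an example and not taken from the original page or any vendor signature: it flags hosts that ping many distinct addresses in a short window and then write files carrying one of the listed extensions. The log format, host names, event kinds (`icmp_echo`, `file_write`) and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions this page lists for MedusaLocker variants.
EXTENSIONS = (".encrypted", ".bomber", ".boroff", ".breakingbad",
              ".locker16", ".newlock", ".nlocker", ".skynet")
# Constructed sample telemetry, assumed format: "time host kind detail".
SAMPLE_EVENTS = r"""
2024-01-01T10:00:00 ws-17 icmp_echo 10.0.0.1
2024-01-01T10:00:01 ws-17 icmp_echo 10.0.0.2
2024-01-01T10:00:02 ws-17 icmp_echo 10.0.0.3
2024-01-01T10:00:03 ws-17 icmp_echo 10.0.0.4
2024-01-01T10:02:00 ws-17 file_write \\fs01\share\Q3 report.docx.skynet
2024-01-01T10:00:00 ws-22 icmp_echo 10.0.0.1
2024-01-01T10:06:00 srv-03 file_write D:\backup\db.bak.encrypted
"""

def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        ts, host, kind, detail = line.split(maxsplit=3)  # paths may hold spaces
        events.append((datetime.fromisoformat(ts), host, kind, detail))
    return sorted(events)

def find_sweepers(events, min_targets=4, window=timedelta(seconds=10)):
    """Hosts that pinged >= min_targets distinct addresses within window."""
    recent, sweepers = defaultdict(deque), {}
    for ts, host, kind, dst in events:
        if kind != "icmp_echo" or host in sweepers:
            continue
        q = recent[host]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop pings that fell out of the window
            q.popleft()
        if len({d for _, d in q}) >= min_targets:
            sweepers[host] = ts        # time the threshold was first crossed
    return sweepers

def find_suspects(events, **thresholds):
    """Sweeping hosts that afterwards wrote files with a listed extension."""
    sweepers, hits = find_sweepers(events, **thresholds), defaultdict(list)
    for ts, host, kind, path in events:
        if (kind == "file_write" and host in sweepers and ts >= sweepers[host]
                and path.lower().endswith(EXTENSIONS)):
            hits[host].append(path)
    return dict(hits)

if __name__ == "__main__":
    print(find_suspects(parse_events(SAMPLE_EVENTS)))
```

Requiring the sweep before the extension match keeps a generic suffix such as .encrypted (the srv-03 backup in the sample) from raising an alert by itself.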
MedusaLocker Ransomware Signatures
MedusaLocker Ransomware Download