Become a Member

Log in

More Resources

Joint Cybersecurity Advisory – #StopRansomware: MedusaLocker

Author: Charles Egli

Created: Thursday, June 30, 2022 - 18:21

Categories: Cybersecurity

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of the Treasury published a joint Cybersecurity Advisory (CSA) to provide information on the MedusaLocker ransomware. As noted in the CSA, MedusaLocker threat actors rely predominantly on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks.

The CSA provides further technical details of MedusaLocker, to include noting threat actors also frequently use phishing and spam campaigns – directly attaching ransomware to the email – as initial intrusion vectors. The CSA provides an overview of how MedusaLocker operates, indicators of compromise, IP addresses, the MITRE ATT&ACK techniques used by the threat actors, and more. It includes a list of mitigation actions, resources, and reporting information. Among the mitigation actions, the CSA recommends organizations implement the following today: 1) prioritize remediating known exploited vulnerabilities; 2) train users to recognize and report phishing attempts; and 3) enable and enforce multi-factor authentication. To report an incident or request technical assistance, contact CISA at ci*************@******hs.gov or 888-282-0870 or the FBI through a local field office.

Related Resources

Members Only

(TLP:AMBER) DHS Office of Intelligence and Analysis Reports (May 21, 2026)

May 21, 2026 in Cybersecurity, Federal & State Resources, Security Preparedness

(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – May 21, 2026

May 21, 2026 in Cybersecurity, Security Preparedness
Members Only

(TLP:GREEN) PEAR Ransomware Claims U.S. Drinking Water Utility as Victim

May 21, 2026 in Cybersecurity, Security Preparedness