Threat actors associated with Medusa ransomware have stepped up their activities following the launch of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims unwilling to accept their demands.

"As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their leak site, such as time extension, data deletion or download of all the data," Palo Alto Networks Unit 42 researchers Anthony Galiette and Doel Santos said in a report shared with The Hacker News.

Ransomware attacks orchestrated by the group begin by exploiting internet-facing assets or applications with known unpatched vulnerabilities and hijacking legitimate accounts, often using initial means of access to gain a foothold in target networks.

As many as 74 organizations are estimated to be affected by ransomware in 2023, mostly in the US, UK, France, Italy, Spain and India.

Some of the precautions we need to take to protect ourselves from this type of attacks:

• Emails from unreliable sources should not be opened,

• A multi-factor authenticator should be used,

• Your system should always be updated with the latest version,

• Login logs should be followed,

• Regular backups should be made offline in the system.