The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.
March 7, 2025 By Kristina Beek
Medusa ransomware attacks are increasingly becoming a core tool for a threat group known as "Spearwing," which has amassed hundreds of victims since 2023; nearly 400, in fact, have been listed on its leak site.
The ransom demands when using Medusa ransomware range from $100,000 to a whopping $15 million, according to Symantec's threat hunter team.
Symantec's researchers believe that Spearwing is taking advantage of the wide-open gap in the ransomware space with the decline of groups like Noberus and LockBit, eager to make a name for itself with its continuously increasingly activity.