Ransomware Group
medusa
Medusa is a ransomware-as-a-service operation active since June 2021 that has targeted over 300 victims across critical infrastructure sectors including healthcare, education, legal, and manufacturing using double-extortion, with attacks surging 42% between 2023 and 2024 and a formal CISA advisory issued in early 2025.
517 Known Victims
Threat Level
CRITICAL
Known Infrastructure
The following Tor hidden services have been associated with this group:
⚠️ Warning: These are malicious sites. Do not visit without proper security measures.