Medusa Locker Ransomware Claims Six New Victims

Statistical Overview

Victim Totals

  • This month: 144
  • This quarter: 1690
  • Year to date: 4315
  • Last 24h: 18

Quarterly Breakdown

Q1: 2631 | Q2: 1690 | Q3: 0 | Q4: 0

Ransomware activity was moderate, with 18 new victims reported in the last 24 hours. The Q2 count of 1690 victims and year-to-date totals show global targeting continues.

Introduction

Ransomware groups posted 18 new victims on various leak sites in the past 24 hours. This shows a fragmented threat environment. Medusa Locker was the most active group, with six new incidents. Other groups included Anubis, CoinbaseCartel, INC_Ransom, and Krybit. Victim organizations were in sectors like Retail & Ecommerce, Transportation & Logistics, Construction & Engineering, Legal services, and Technology. Most targets were in the United States, with others across Brazil, China, India, Indonesia, and France.

Ransomware Summary Table

# | Group | Victims (24h) | Sample Victims | Geos | Sectors
1 | Medusa Locker | 6 | Académie de montpellier / csjm, Actionaid / tacosa, Baratai (+3) | None, Tanzania | Retail & Ecommerce, Transportation & Logistics
2 | Anubis | 2 | D&m contractors, Jeffrey burr | United States, United Kingdom | Construction & Engineering, Legal
3 | CoinbaseCartel | 2 | Cambridge mobile telematic, Demand.io | United States | Technology / Software, Telecommunications
4 | INC Ransom | 2 | kelmreuter.com, obrieneng.com | United States | Construction & Engineering, Legal
5 | Krybit | 2 | Huashan.com.cn, Schultz.com.br | Brazil, China | Hospitality & Travel, Manufacturing
6 | Nova (RALord) | 2 | Aspire hospital, Universitas nasional | Indonesia, India | Healthcare, Education
7 | LockBit | 1 | sand | Mauritius | Hospitality & Travel
8 | Play News | 1 | Pearson ford | United States | Automotive

Medusa Locker was most active, affecting six organizations in Retail & Ecommerce and Transportation & Logistics. These included Académie de montpellier / csjm and Actionaid / tacosa, a non-profit. Multiple other groups, including Anubis, CoinbaseCartel, INC_Ransom, and Krybit, each claimed two new victims. Targets were spread geographically, affecting organizations in the United States, United Kingdom, Brazil, China, India, Indonesia, and France. Groups like CoinbaseCartel, whose activities have been tracked in earlier PurpleOps analyses on Q2 ransomware threats, focused on technology and telecommunications firms.

Victim Distribution

By Country

  • United States: 7
  • Brazil: 2
  • None: 1
  • United Kingdom: 1
  • Tanzania: 1
  • Australia: 1
  • Mauritius: 1
  • Indonesia: 1
  • India: 1
  • France: 1

By Industry

  • Legal Services: 2
  • IT Infrastructure Services: 1
  • Telematics: 1
  • None: 1
  • Engineering and Architecture: 1
  • E-Commerce and AI Technology: 1
  • Automobile Dealers: 1
  • Building and Mechanical Services: 1
  • Non-profit Organization Management: 1
  • Relocation and Moving Services: 1

The United States is a primary target for ransomware operators, accounting for over a third of new victims. However, the spread of victims from Tanzania to Brazil and India shows that ransomware targeting is global. Industry targeting is also broad, with legal services, technology, and engineering firms seeing activity, as well as retail and logistics.

Ransomware News

Topline - No significant new ransomware news was collected from public sources during the analysis period.

Campaigns & Operations - No new high-profile incidents or major actor announcements were reported, and no campaign shifts beyond observed victim postings.

Vulnerabilities & TTPs - No new reports were detected detailing exploitation of zero-day vulnerabilities or shifts in ransomware groups' tradecraft.

Analyst Note - Without new external developments, monitoring ongoing ransomware activity on leak sites continues.

Technical Takeaways

  • Medusa Locker was the most active ransomware group, with six victims, mainly targeting Retail & Ecommerce and Transportation & Logistics. It remains a persistent threat, as detailed in PurpleOps real-time ransomware intelligence updates.
  • Eight ransomware groups accounted for the 18 new victims, showing a fragmented threat environment.
  • Geographic targeting was widespread. The United States was the most impacted country, followed by Brazil and other nations across Africa, Asia, and Europe.
  • Industries affected included Legal Services, Construction & Engineering, Technology / Software, and Healthcare. This shows threat actors used a broad approach.
  • Public service and non-profit organizations were among the victims, demonstrating that the impact extends beyond corporate entities.