Medusa
Medusa is one of few legacy ransomware brands still active; it launched its dark web leaks site in January 2023.
This longevity has not diminished Medusa’s relevance, with a surge in activity observed in 2025 and reports suggesting North Korean state-sponsored threat actor Lazarus Group has adopted its malware for extortion campaigns. Like most ransomware actors, Medusa favours targets in the United States, with its most-victimized industries including capital goods, commercial and professional services, and healthcare.
