
Cyjax: Telltale signs that the Medusa Ransomware group are Russian affiliated

May 2024 by Ian Thornton-Trump, CISO, Cyjax & Roman Faithful, Cyber Threat Intelligence Team Lead, Cyjax

Brick Court Chambers has disclosed that it is the latest victim of Medusa Ransomware, a suspected Russian ransomware organisation. The attack comes just a week after a speech by Anne Keast-Butler, Director at GCHQ, who had warned against increased operations from Russia.
Below are comments from Cyjax on the ransomware group and why they believe it is aligned with the Kremlin.

Ian Thornton-Trump, CISO, Cyjax:
“Although we cannot be certain that this is a Russian hacking operation, the fact that the group posts updates on Russian-language cybercrime forums and that there is a prohibition on targeting organisations within the Russian geopolitical sphere of influence through the Commonwealth of Independent States is a strong indicator of the group’s likely origins and allegiance. This particular group works hard to preserve its relationship with the Kremlin – enjoying for a moment a certain level of tolerance. This ‘if it’s bad for the west, it’s good for us’ Russian foreign policy objective is amplified by them and other ransomware organisations.”

Roman Faithful, Cyber Threat Intelligence Team Lead, Cyjax:
Users of the Russian-language cybercriminal forums where Medusa, among other RaaS groups, conducts recruitment frequently use various Russian-language colloquialisms, slang, and expressions unique to “Fenya” (Russian prisoner cant). Forum users often employ this language to add credibility and authenticity to their content, and to confuse security researchers and law enforcement agents.
