Ransomware MedusaLocker

The MedusaLocker ransomware targets its attacks on small and medium-sized businesses. The group was first spotted in September 2019, being noticed by MalwareHunterTeam.

The ransomware invades the system from macros, malicious ads, and torrent sites. After execution, Medusa begins to encrypt files by adding extensions making it impossible to access the information.

It is advisable that in cases of invasion, the machine’s internet is disabled, avoiding the contamination of other systems connected to the same network.

The group uses a strategy to attract trust by offering to decrypt a file of the victim’s choice up to 10Mb. MedusaLocker uses AES 256 + RSA-2048 encryption, an algorithm that prevents any free ransomware tool from succeeding and can cause permanent data loss if used.

To make the negotiation a link is added with the ransom note, allowing the victim to contact the group and make the payment in Bitcoin. However, there is no guarantee of obtaining the decryption key. Therefore, the best way is to turn to companies that specialize in the problem, and Digital Recovery has the right profile to recover files encrypted by ransomware.

Recover files encrypted by MedusaLocker ransomware

We have been in the data recovery market for more than 23 years. Due to the great demand caused by cyber attacks, we have specialized in developing solutions capable of recovering files encrypted by ransomware quickly and efficiently. In addition to ransomware, we recover files from Virtual Machines, Databases, RAID systems, Servers, and more.

To ensure total confidentiality for our customers, we have developed the confidentiality agreement (NDA) that guarantees that your files will not be disclosed.

If you are looking for solutions to recover data encrypted by ransomware, Digital Recovery is the right choice. Start your diagnosis now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.