“Medusa ransomware gang has infected more than 300 organizations in critical infrastructure sectors such as the medical, manufacturing and technology industries” is not the sort of news you want to hear. Nonetheless, facts are facts. And the facts are not that great for team blue. Medusa gets in via some unpatched CVE, often in your firewall or VPN, or sometimes in your monitoring tools (e.g. SolarWinds). Medusa uses “Living off the Land” techniques, meaning it uses the same tools you do. T...