CRITICALRansomware
Global

Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says

Monday, April 6, 2026 at 08:08 PM UTC·Source: The Record

Updated: Monday, April 6, 2026 at 08:13 PM UTC

Executive Summary

Microsoft said it has been alarmed to see how effective Medusa actors are, citing multiple cases where the group can move from initial access to data exfiltration and ransomware deployment within 24 hours.

Analysis

Microsoft said it has been alarmed to see how effective Medusa actors are, citing multiple cases where the group can move from initial access to data exfiltration and ransomware deployment within 24 hours.
Source Attribution

Originally published by The Record on Apr 6, 2026.

Related Threats

HIGHRansomwareNEW

German authorities identify REvil and GangCrab ransomware bosses

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]

BleepingComputer
HIGHRansomware

German police unmask two suspects linked to REvil ransomware gang

The suspects were named as Daniil Shchukin, a 31-year-old Russian national believed to have used the alias UNKN (UNKNOWN), and Anatoly Kravchuk, a 43-year-old Ukraine-born Russian citizen who investigators say worked as a developer for the group.

The Record
CRITICALRansomware

Microsoft links Medusa ransomware affiliate to zero-day attacks

Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]

BleepingComputer