The Spearwing ransomware-as-a-service (RaaS) group have increased their rate of Medusa attacks, possibly capitalizing on recent openings in the cybercrime market. The group uses consistent, effective methodologies to execute double-extortion attacks, both stealing data and encrypting systems to maximize leverage against their victims. The Symantec Threat Hunter team provides a case study of a January 2025 Medusa attack on a US healthcare company, detailing the mechanics of the attack and listing indicators of infiltration.
