np-put.rs compromised (Ransomware)
#1
About 4 months ago, the Medusa ransomware group published confidential data belonging to the company Novi Pazar-put d.o.o. on its blog
There is no patch for stupidity - Kevin Mitnick
#2
It is also mentioned here: https://www.redpacketsecurity.com/medusa...ar-put-ad/
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
#3
IP: 185.119.89.212 (United Internet, Serbia), MX: 212.200.163.69 (Telekom, Serbia)
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
#4
One of the subdomains is "webdisk"; it is possible that they were compromised through it, and on top of that it is shared hosting: https://www.shodan.io/host/185.119.89.212.
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
#5
Greetings,

The activity of the ransomware group in question is more associated with compromising access accounts... via phishing, RDP, etc.
And knowing that our people love discounts and clicking on links... I am more inclined to believe they initially got into the system through some phishing attack than through webdisk.

https://www.sangfor.com/farsight-labs-th...ransomware
#6
Medusa ransomware note

!!!READ_ME_MEDUSA!!!.txt
Quote:
$$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\
$$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\
$$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ |
$$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ |
$$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ |
$$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ |
$$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ |
\__| \__|\________|\_______/ \______/ \______/ \__| \__|
-----------------------------[ Hello, [snip] !!! ]--------------------------

WHAT HAPPEND?
------------------------------------------------------------
1. We have PENETRATE your network and COPIED data.
* We have penetrated entire network including backup system and researched all about your data.
* And we have extracted all of your networks including sub offices and your service clients networks valuable data and copied them to private cloud storage.

2. We have ENCRYPTED some your files.
While you are reading this message, it means you found your files and data has been ENCRYPTED by world's strongest ransomware.
We have access to all of your sub offices and client service networks but didn't lock them all for your brand and privacy.
We can solve this issue sliently and smoothly without 3rd parties and we decided lock only some of your main network only.
But don't worry, we can restore everything to the original without harming your business.

There is only one possible way to get back your systems and business - CONTACT us via LIVE CHAT and pay for the special
MEDUSA DECRYPTOR and DECRYPTION KEYs, Data deletion, Keep silent in media.
This MEDUSA DECRYPTOR will restore your entire network, This will take less than 1 business day.


WHAT GUARANTEES?
---------------------------------------------------------------
We can post your data to the public and send emails to your customers.
We have professional OSINTs and media team for leak data to telegram, facebook, twitter channels and top news websites. Have a look about us on twitter.

You can suffer significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information,
costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues.
After paying for the data breach and decryption, we guarantee that your data will never be leaked and this is also for our reputation.

YOU should be AWARE!
---------------------------------------------------------------
If you're not in main chile office, inform your supervisors and stay calm!
We will speak only with an authorized person. It can be the CEO, top management, etc.
In case you are not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!


If you do not contact us within 3 days, We will start publish your case to our official blog and everybody will start notice your incident!
If you do not contact us within 5 days, We will start publish your case and leak video on all social channels and send emails to your customers!
--------------------[ Official blog tor address ]--------------------
Using TOR Browser(https://www.torproject.org/download/):

http://medusaxko7jxtrojdkxo66j7ck4q5tgkt...nxlcbkccyd(.)onion/


CONTACT US!
----------------------[ Your company live chat address ]---------------------------
Using TOR Browser(https://www.torproject.org/download/):

http://medusakxxtp3uo7vusntvubnytaph4d3a...k2nmus34yd(.)onion/[snip]

Or Use Tox Chat Program(https://qtox.github.io/)
Add user with our tox ID and wait 24h : 4AE245548F2A225882951FB14E9BF87EE01A0C10AE159B99D1EA62620D91A372205227254A9F

Our support email: ( [email protected] )

Company identification hash:
[snip]
There is no patch for stupidity - Kevin Mitnick
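The note above is the most useful artifact in this thread for responders: its filename is a reliable indicator that a host was touched, and its body carries the contact infrastructure (onion URLs, Tox ID, mailbox) worth adding to a block or watch list. The script below is an added example for this thread, not code from any poster or from the group's leak site; it walks a directory tree for the note filename quoted in the post and pulls those indicators out with regular expressions. The sample tree, the onion addresses, the Tox ID and the e-mail address it uses are all constructed placeholders, not values from the real incident.

```python
"""Locate Medusa-style ransom notes on a file tree and extract the contact
indicators from them.  Added example for this thread; the sample tree and
note body below are constructed, not taken from the real incident."""
import re
import tempfile
from pathlib import Path

# Ransom note filename as quoted in post #6 of the thread.
RANSOM_NOTE_NAMES = {"!!!READ_ME_MEDUSA!!!.txt"}

# .onion URLs, either plain or defanged as "(.)onion" the way the posted note is.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}(?:\(\.\)|\.)onion(?:/\S*)?", re.I)
# Tox IDs are 76 hexadecimal characters (38 bytes).
TOX_RE = re.compile(r"\b[0-9A-Fa-f]{76}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def find_ransom_notes(root, names=None):
    """Walk root recursively and return every file whose name is a known ransom note."""
    names = set(names) if names is not None else RANSOM_NOTE_NAMES
    return sorted(p for p in Path(root).rglob("*") if p.is_file() and p.name in names)


def extract_iocs(note_text):
    """Pull contact indicators out of a note body; values are returned as found (still defanged)."""
    return {
        "onion": sorted({m.group(0) for m in ONION_RE.finditer(note_text)}),
        "tox_ids": sorted(set(TOX_RE.findall(note_text))),
        "emails": sorted(set(EMAIL_RE.findall(note_text))),
    }


# Constructed note body for testing: the onion hosts, Tox ID and mailbox are placeholders.
SAMPLE_NOTE = (
    "WHAT HAPPEND?\n"
    "Using TOR Browser(https://www.torproject.org/download/):\n"
    "http://" + "a" * 56 + "(.)onion/\n"
    "http://" + "b" * 56 + "(.)onion/victim-id\n"
    "Add user with our tox ID and wait 24h : " + "0123456789ABCDEF" * 4 + "0123456789AB\n"
    "Our support email: ( support@example.invalid )\n"
)


def build_sample_tree(root):
    """Create a constructed directory tree: two dropped notes plus decoy files."""
    root = Path(root)
    for sub in ("share/finance", "share/hr"):
        (root / sub).mkdir(parents=True, exist_ok=True)
        (root / sub / "!!!READ_ME_MEDUSA!!!.txt").write_text(SAMPLE_NOTE)
    (root / "share" / "hr" / "README.txt").write_text("not a ransom note\n")
    (root / "share" / "finance" / "budget.xlsx").write_bytes(b"\x00" * 16)
    return root


def scan(root):
    """Return {note_path: iocs} for every ransom note found under root."""
    return {str(p): extract_iocs(p.read_text(errors="replace"))
            for p in find_ransom_notes(root)}


def demo():
    """Build the constructed tree in a temporary directory, scan it and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample_tree(tmp))


if __name__ == "__main__":
    for path, iocs in demo().items():
        print(path)
        for kind, values in iocs.items():
            print(f"  {kind}: {values}")
```

Pointing `scan()` at a real share instead of the temporary tree gives a list of every directory the encryptor reached, which is the first thing to hand to the incident responders; the extracted onion and Tox values stay defanged so they can be pasted into a ticket without becoming clickable.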