Qingqiao Information

Medusa variant ransomware wreaks havoc, with small and medium-sized enterprises becoming key targets
Release time: 2024-12-06 Source: Qingqiao

Recently, analysis by Talos, Cisco's threat intelligence research team, indicated that financially motivated threat groups are using BabyLockerKZ, a variant of the Medusa ransomware, to attack various types of enterprises around the world.

According to the investigation, since the beginning of 2022 an attack group called PaidMemes has used this variant to launch a series of network attacks and extortion campaigns. PaidMemes mainly uses publicly available network scanning programs, malicious software, and free code tools in its attacks. These tools can easily disable antivirus or endpoint detection and response software, making credential theft and lateral movement easier for the attackers.

As a derivative of the Medusa ransomware, BabyLockerKZ has rapidly expanded its reach and has posed a serious threat to many enterprises worldwide over the past two years. In the second quarter of 2023 in particular, the frequency of attacks increased significantly, almost doubling, which further heightened its threat to global corporate security.

In terms of geographical distribution, PaidMemes' early attacks were mainly concentrated in several European countries, especially France, Germany, Spain, and Italy. Over time, however, the attackers' targets gradually shifted towards Central and South America, with Brazil becoming the new main target. In addition, the United States, the United Kingdom, Hong Kong (China), South Korea, Australia, Japan and other places have not been spared, and the group's activities now span multiple regions around the world.

In terms of victim industries, PaidMemes has not shown any specific preference; its attacks are wide-ranging and cover multiple industry sectors. However, the leaked dataset shows that the attack group is more inclined to carry out opportunistic attacks against small and medium-sized enterprises. Due to limited resources, these enterprises often find it difficult to effectively resist ransomware intrusions. Although the ransom amounts are relatively low, for small and medium-sized enterprises a ransom of tens of thousands of dollars may still constitute a heavy financial burden, and may even affect the survival and development of the enterprise. Disclosed information shows that the group has previously attacked a company with only one employee.

Compared to large enterprises, small and medium-sized enterprises face more severe challenges in preventing ransomware. Large enterprises, with abundant resources and professional security teams, can effectively detect and resist ransomware attacks. Small and medium-sized enterprises, however, are constrained by high protection costs, the lack of a professional security team, cyber insurance fees that are difficult to bear, and similar factors, and appear particularly fragile when facing a cyber attack.

What is even more worrying is that, because the ransom amounts demanded from small and medium-sized enterprises are relatively small, these attacks often struggle to attract widespread public attention, yet for small and medium-sized enterprises these amounts are enough to pose a significant threat to their survival. Therefore, relevant organizations also need to pay attention to the network attacks suffered by small and medium-sized enterprises, and at the same time, they should actively strengthen their own security defenses to cope with this increasingly severe security challenge.



Copyright: Qingqiao International Security Group     ICP filing number: 鄂ICP备2021010908号
