Medusa ransomware purportedly hits University of Mississippi Medical Center, New Jersey county

Separate attacks against the University of Mississippi Medical Center and New Jersey's Passaic County have been claimed by the suspected Russia-based Medusa ransomware-as-a-service operation, reports The Record, a news site by cybersecurity firm Recorded Future.

Medusa threatened to expose by Mar. 20 data purportedly stolen from UMMC which was able to restore normal operations on Mar. 2, or nine days after having its IT systems disrupted by the intrusion should the health provider refuse to pay the $800,000 ransom. UMMC has yet to acknowledge Medusa's assertions. On the other hand, New Jersey's Passaic County, which initially reported a malware intrusion that compromised its government offices' IT systems and phone lines two weeks ago, was also extorted for the same amount.

Despite a lack of formal attribution, Medusa is believed to have originated from Russia due to its escalated activity in Russian cybercrime forums, inclusion of Cyrillic script in operational tools, and its non-targeting of Commonwealth of Independent States entities.