Lazarus Group Medusa ransomware activity targeting the Middle East and U.S. healthcare sector
Malware Activity
Summary
The Lazarus Group was observed using Medusa ransomware in an attack against an unnamed entity in the Middle East, extending North Korea-linked ransomware use into a live victim environment. The same threat actors also attempted to compromise a U.S. healthcare organization. Separate analysis tied Medusa to four U.S. healthcare and non-profit victims since early November 2025, underscoring continued operational use of the ransomware service.
Related Happenings
Lazarus-associated Medusa extortion campaign targeting U.S. healthcare organizations
Campaign
First: 24.02.2026 13:00
Last: 24.02.2026 13:00
Sources 1
How related:
Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare organization in the U.S.
About this happening:
A **Lazarus**-associated **Medusa ransomware** campaign is targeting **U.S. healthcare organizations**, raising the risk of **extortion**, **data encryption**, and operational dis...
Osiris ransomware uses POORTRY BYOVD to disable defenses and exfiltrate data
Malware Activity
First: 22.01.2026 20:00
Last: 22.01.2026 20:00
Sources 1
About this happening:
Researchers disclosed **Osiris**, a **new ransomware family** that hit a **major food service franchisee operator in Southeast Asia** in **November 2025**, showing an active intru...
Rising encryptionless extortion incidents against enterprises in 2025
Target Trend
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
**Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Timeline
- 24.02.2026 13:52 · 2 articles
Lazarus Group uses Medusa ransomware against Middle East and U.S. healthcare targets
Initial Disclosure
Lazarus Group, also tracked as Diamond Sleet and Pompilus, is described as using Medusa ransomware against an unnamed entity in the Middle East and as mounting an unsuccessful attack against a U.S. healthcare organization. Broadcom's Symantec and Carbon Black Threat Hunter Team also says Medusa leak-site analysis found attacks against four healthcare and non-profit organizations in the U.S. since the beginning of November 2025, with an average ransom demand of $260,000 and uncertainty over whether all of those victims were targeted by North Korean operatives or other Medusa affiliates.
- Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks — thehackernews.com — 24.02.2026 13:52