New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting

GlobeImposter Ransomware With MedusaLocker Spreading Via RDP

March 21, 2023

A GlobeImposter ransomware campaign was discovered being carried out by the attackers behind MedusaLocker.
The threat actors are suspected to have brute-forced systems with RDP enabled to gain initial access.
Various tools were used to dump passwords and perform reconnaissance including Mimikatz Advanced Port Scanner and the NirSoft Network Password Recovery tool.
In addition to encrypting files the threat actor installed XMRig to mine for digital assets.