Analysis of MedusaLocker Ransomware

Reverse engineering of the MEDUSALOCKER ransomware to better understand how it works.

Our analysis of this MEDUSALOCKER variant shows that it uses the Chacha20 encryption algorithm to encrypt data, as well as the keys “TRUMPTRUMPTRUMPTRUMPTRUMPTRUMPTRUMP” truncated to 32 characters, then “PUTLERPUTLER” truncated to 8 characters.

We are continuing our research to understand why this ransomware gang decided to use the words TRUMP and PUTLER (which, according to some interpretations, refers to Vladimir PUTIN being compared to Hitler).

We will most likely publish another article on this subject.

Here the link to download the report.

Analysis of MedusaLocker Ransomware

Reverse engineering of the MEDUSALOCKER ransomware to better understand how it works. Our analysis of this MEDUSALOCKER variant shows that it uses the

The Federation of CEGEPs renews its confidence in StreamScan for responding to cyberattacks

Since December 1, 2023, StreamScan has been acting as a specialized cyber incident response firm for the Fédération des cégeps du Quebec. Initially sc

CRITICAL Security Vulnerability in Microsoft WSUS CVE-2025-59287 (score of 9.8/10)

A security vulnerability with a severity rating of CRITICAL (CVE-2025-59287, score of 9.8/10) has been discovered in Microsoft WSUS. This flaw, classi

The CMMC Customer Responsibility Matrix: a key factor in choosing your cybersecurity provider

Streamscan is the first Canadian cybersecurity provider to obtain CMMC Level 2 certification. The audit was conducted by an external auditor (C3PAO).

Need expert advice for your situation?