North Korean Lazarus Group Hackers Linked to Medusa Ransomware Attacks

Detailed forensic analysis connected the Lazarus Group — North Korea's most well-known cyber arm — to Medusa Ransomware attacks against hospitals and healthcare providers in the United States. Medusa is a ransomware-as-a-service operating since 2023 using double extortion: encrypting systems AND threatening to publish stolen data. Researchers identified significant infrastructure overlap with previous Lazarus campaigns. Healthcare is a strategic target: critical systems that can't go offline, extremely sensitive data, historically smaller security budgets, and legacy systems. For North Korea, ransomware is a significant revenue source for weapons programs — the FBI estimates Lazarus collected over $3 billion in cryptocurrencies in recent years.