In case you missed it, sharing the CISA advisory from June 30th and a recent article from KnowBe4's newsletter. According to KnowBe4, "
This ransomware strain uses a batch file to execute a PowerShell script which propagates MedusaLocker throughout the network by editing the EnableLinkedConnections value within the infected machine's registry, which then allows the infected machine to detect attached hosts and networks via Internet Control Message Protocol (ICMP) and to detect shared storage via Server Message Block (SMB) Protocol." See more at this post - [New FBI and CISA Alert] This ransomware strain uses RDP flaws to hack into your network (knowbe4.com)
The full CISA Alert can be found here: #StopRansomware: MedusaLocker | CISA------------------------------
Shauna McLaughlin
Director, Website and Database Technologies
National Association of County and City Health Officials (NACCHO)
Washington DC
------------------------------