MedusaLocker

Ransomware with several variants first seen in September 2019.

MedusaLocker Payload

Deletes shadow copies

Ransomware often targets backup files to inhibit system recovery.

Modifies boot configuration data using bcdedit

Deletes System State backups

Uses wbadmin.exe to inhibit system recovery.

Drops file in Drivers directory

Modifies extensions of user files

Ransomware generally changes the extension on encrypted files.