BSides London 2025

It Takes 10 Minutes to Cripple a Ransomware Gang
2025-12-13, Rookie Track 2

Ransomware gangs may seem invincible, but they are not beyond reach. In this talk, I will share the compelling story of how a simple IP leak, discovered in just 10 minutes, triggered a chain reaction that led to the downfall of Medusa Locker. We will explore the process of uncovering their real IP address and the immediate consequences that followed, including affiliates abandoning ship and leaking sensitive internal communications. Additionally, I will discuss the impact of these revelations on the gang's operations and the subsequent changes in management.


Ransomware gangs aren’t untouchable. In about 10 minutes I found Medusa Locker’s real IP - a small OPSEC slip that triggered affiliates to bail, internal chats to leak, and the operation to implode. I’ll walk through the discovery steps, the immediate fallout, and lessons on how simple mistakes can unravel an entire criminal enterprise. Practical, candid, and based on real-world experience.

As seen on...
- https://cybersecuritynews.com/researchers-deanonymized-medusa-ransomware/
- https://gbhackers.com/researchers-expose-medusa-ransomware/
- https://cyberpress.org/researchers-de-anonymize-medusa-ransomware/


Please confirm that I am a first time speaker and have not spoken in public and will not be before the Bsides London event date (14th December 2024).: Yes

Cristian Sindile is the Founder of Covert Security, a specialized offensive threat intelligence firm focused on dark web investigations, operational security and APT-level tactics, offering practical training for skilled analysts.