The MedusaLocker (.net6, .net15, .net20, .net50) Variant: A Definitive Forensic Recovery Guide
In our recovery lab today at Lockbit Decryptor, we isolated an active MedusaLocker variant appending the .net extension, with observed suffixes including .net2, .net5, .net6, .net10, .net12, .net15, and .net50. Files are renamed following a clear pattern, such as 1.jpg.net15, sample.pdf.net50, and 1.xlsx.net12. This strain propagates through compromised RDP and initiates contact via a Tor…