
MedusaLocker ransomware group is looking for pentesters


MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.

MedusaLocker is a ransomware strain that was first observed in late 2019. It encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption.

The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent the ransomware in exchange for a cut of the profits.


Why Would a Ransomware Gang Hire a Pen Tester?

It may sound strange at first, like the kind of job ad you’d expect to find on LinkedIn rather than on a dark web forum, but in the cybercriminal underground, recruiting skilled penetration testers is not uncommon. In fact, it’s a natural evolution of the ransomware economy. Just as legitimate companies hire security professionals to test and strengthen their defenses, ransomware operators are hiring them to probe, map, and exploit weaknesses in target networks. The difference is in the intent: one aims to protect, the other to profit through extortion.

Modern ransomware operations function like structured businesses. They have management hierarchies, technical teams, customer support for victims, negotiators, and, increasingly, talent scouts. For affiliates to maximize profits, they need skilled people to identify valuable targets and ensure access is deep and persistent.

This is where pen testers come in. In the legitimate world, penetration testers simulate attacks to reveal vulnerabilities, often using the same tools and techniques as real hackers: vulnerability scanners, phishing campaigns, password-cracking tools, and lateral movement exploits. In the criminal world, these skills are repurposed to map high-value systems, disable backups, exfiltrate sensitive data, and prepare the ground for maximum-impact ransomware deployment.

Hiring a pen tester offers several advantages to threat actors:

  1. Efficiency – A skilled tester can quickly identify exploitable entry points, reducing the time between initial compromise and ransom deployment.
  2. Stealth – Experienced testers understand operational security (OpSec) and can evade detection while mapping the network.
  3. Profit Maximization – The deeper the access, the more leverage for ransom demands. Pen testers help locate sensitive data and critical systems to encrypt first.
  4. Outsourcing Risk – By contracting specialized talent, core members of the ransomware gang limit their own exposure.

On underground forums, ads for “red teamers” or “network penetration specialists” appear with surprising regularity. They often require proficiency in Active Directory exploitation, privilege escalation, and familiarity with enterprise tools like VMware or Citrix, all critical in corporate environments. Payment is typically commission-based, meaning pen testers earn a percentage of each successful ransom, sometimes reaching six-figure payouts for a single job.

When ransomware gangs look for pen testers, it’s not about breaking into a system for fun; it’s a calculated business decision. By recruiting skilled professionals, they can operate with the precision, efficiency, and profitability of a legitimate penetration testing firm… with the sole purpose of holding victims hostage for millions.

The MedusaLocker group is looking for pen testers to target ESXi, Windows, and ARM-based systems. The announcement published by the group also requires direct access to corporate networks to speed up attack execution.


Pierluigi Paganini

(SecurityAffairs – hacking, MedusaLocker)