Ransomware operations have evolved into structured businesses, complete with management hierarchies, technical teams, and customer support.

Operating as a Ransomware-as-a-Service (RaaS), MedusaLocker enables affiliates to rent its ransomware, sharing the profits from successful attacks.

MedusaLocker ransomware, which first emerged in late 2019, encrypts files on infected systems and demands payment in cryptocurrency for decryption.

The group specifically targets ESXi, Windows, and ARM-based systems, requiring direct access to corporate networks to expedite their attacks.

Recently, the MedusaLocker ransomware group announced on its Tor data leak site that it is actively seeking new penetration testers to enhance their operations.

Pentesters are hired to quickly identify exploitable entry points, ensuring efficient and stealthy attacks that maximize ransom profits.

Recruiting skilled pentesters has become a common practice in the cybercriminal underground, mirroring how legitimate companies hire security professionals.

By hiring specialists, ransomware gangs can outsource risk, limiting exposure for core members while simultaneously increasing their operational effectiveness.