MedusaLocker Variant Backups Ransomware Targets Global Enterprises

The CYFIRMA Research and Advisory Team has identified a ransomware variant called Puld, linked to the MedusaLocker group, which encrypts files by appending a ".Puld39" extension and demands ransom for decryption. Victims are threatened with escalating file deletion and data leaks if they do not comply within five days, with communication encouraged via encrypted platforms. Meanwhile, the Senate Finance Committee released a budget reconciliation draft excluding key retirement savings incentives, with discussions ongoing amid Republican leadership aiming for legislation by July 4. On the geopolitical front, a ceasefire between Israel and Iran began on June 24 following U.S. strikes on Iran’s nuclear program, although tensions remain high with accusations of violations and calls for calm by President Trump, emphasizing the fragile nature of upcoming negotiations. These developments highlight critical cybersecurity threats, legislative negotiations on benefits, and significant international conflict management efforts in June 2025.