The MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.
MedusaLocker is a ransomware strain that was first observed in late 2019. It encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption.
The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent the ransomware in exchange for a cut of the profits.

Why Would a Ransomware Gang Hire a Pen Tester?
It may sound strange at first, the kind of job ad you’d expect to find on LinkedIn, not on a dark web forum, but in the cybercriminal underground, recruiting skilled penetration testers is not uncommon. In fact, it’s a natural evolution of the ransomware economy. Just as legitimate companies hire security professionals to test and strengthen their defenses, ransomware operators are hiring them to probe, map, and exploit weaknesses in target networks. The difference is in the intent: one aims to protect, the other to profit through extortion.
Modern ransomware operations function like structured businesses. They have management hierarchies, technical teams, customer support for victims, negotiators, and, increasingly, talent scouts. For affiliates to maximize profits, they need skilled people to identify valuable targets and ensure access is deep and persistent.
This is where pen testers come in. In the legitimate world, penetration testers simulate attacks to reveal vulnerabilities, often using the same tools and techniques as real hackers: vulnerability scanners, phishing campaigns, password-cracking tools, and lateral movement exploits. In the criminal world, these skills are repurposed to map high-value systems, disable backups, exfiltrate sensitive data, and prepare the ground for maximum-impact ransomware deployment.
Hiring a pen tester offers several advantages to threat actors:
- Efficiency – A skilled tester can quickly identify exploitable entry points, reducing the time between initial compromise and ransom deployment.
- Stealth – Experienced testers understand operational security (OpSec) and can evade detection while mapping the network.
- Profit Maximization – The deeper the access, the more leverage for ransom demands. Pen testers help locate sensitive data and critical systems to encrypt first.
- Outsourcing Risk – By contracting specialized talent, core members of the ransomware gang limit their own exposure.
On underground forums, ads for “red teamers” or “network penetration specialists” appear with surprising regularity. They often require proficiency in Active Directory exploitation, privilege escalation, and familiarity with enterprise tools like VMware or Citrix, all critical in corporate environments. Payment is typically commission-based, meaning pen testers earn a percentage of each successful ransom, sometimes reaching six-figure payouts for a single job.
When ransomware gangs look for pen testers, it’s not about breaking into a system for fun; it’s a calculated business decision. By recruiting skilled professionals, they can operate with the precision, efficiency, and profitability of a legitimate penetration testing firm… with the sole purpose of holding victims hostage for millions.
The MedusaLocker group is looking for pen testers to target ESXi, Windows, and ARM-based systems. The announcement published by the group also requires direct access to corporate networks to speed up the attack’s execution.
(SecurityAffairs – hacking, MedusaLocker)