[WARNING] Medusa Ransomware Attack on Milano Salon

dcomp12

Member
Reaction score
16
Location
Canada
Hey everyone, just dealt with the Medusa Ransomware Attack last night, Jan 22, 2025.

Appears to be affecting anyone that has the Milano Salon POS/Software that deals with beauty Salons.

It may even affect systems that may have had it at one time, and even though removed it gets attacked. Apparently it gets on by some remote access back door and then implements the ransomware.

Here is the email I got from Milano last night.

We have been informed about a ransomware attack targeting the salon and spa industry today. If you are unable to access your Milano software, it is possible that your computer has been affected.

We understand this is a stressful situation, but please don’t panic. Follow the steps below to determine if your data can be salvaged:

  1. Right-click on the Milano icon on your desktop.
  2. Select “Properties” and click “Open File Location.”
  3. Navigate to the folder labeled Data > DB.
  4. Look for a file named MILANODATA.FDB.

If you find this file, you are in luck! Please immediately copy it to an empty USB drive and take your affected computer to an IT service provider for restoration. This file contains critical data that can be salvaged and restored onto your workstation or a newly restored server computer.

If your system is not affected, we strongly recommend taking proactive steps to secure your data:

  • Begin backing up your data to external storage every night.
  • After completing the backup, unplug the external storage device and keep it isolated, only reconnecting for future backups.

For customers requiring reinstallation, please email us at help@milanosoftware.com with the subject line: “Ransomware Restoration.” We are prioritizing these requests to assist you as quickly as possible.

We understand how challenging this situation may be, and we are here to help you every step of the way. Thank you for your patience and cooperation as we work to support all affected customers.

I have no idea why they would ever say try to retrieve data from a compromised Hard Drive.

So I replaced drive and re/re Windows. Installed Webroot EDR endpoint.

They contacted Milano to have them reinstall the POS system and right away Webroot blocked an intrusion. I do believe it's a Vendor attack on their software.

I said remove the POS system and only install the system until the confirmed all clear or look for another vendor.

For now Webroot did its job but still recommend to re/re Windows again was my suggestion.

So if anyone has/is dealing with this, this is what I've done so far.
 