On November 6th, Tencent Yushen Threat Intelligence Center monitored that the Medusalocker ransom virus was partially infected in China. The virus appeared in October 2019. It is known to spread the virus mainly through phishing scams and spam. After the virus has completed the early version of the encrypted file, add the extension suffix .encrypted, and add the .ReadTheInstructions extension suffix after the latest virus version is encrypted. Since the virus uses the RSA+AES method to encrypt the file, there is no decryption tool when the RSA private key is not obtained by the author. The attacker will extort 1BTC (bitcoin) from the victim, with a market value of about 65,000 yuan.