The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are urging users of popular email services like Gmail and Outlook to be on the lookout for a dangerous and potentially costly ransomware scheme.

A bulletin released this week detailed a warning for the Medusa ransomware gang, a group that’s been active since 2021.

“While Medusa has since progressed to using an affiliate model, important operations such as ransom negotiation are still centrally controlled by the developers,” the advisory said. “Both Medusa developers and affiliates — referred to as ‘Medusa actors’ in this advisory — employ a double extortion model, where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid.”

As of February 2025, the ransomware attack has impacted more than 300 victims in the medical, education, legal, insurance, technology and manufacturing fields. The group uses phishing campaigns – bogus emails that prompt users to click links or provide personal information – as well as exploitation of unpatched software vulnerabilities. It then takes the computer or information “hostage” until a ransom is paid.

The FBI and CISA recommend all accounts use long, unique passwords. People should also use multifactor authentication for webmail, VPNs and accounts that access critical systems. It’s also recommended that all operating systems, software and firmware stay up to date.

You can see all recommendations here.