JACKSONVILLE, Fla. – Federal cybersecurity agencies and the FBI have warned the public against a dangerous ransomware scheme that has affected hundreds of people.
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory last week to share information about Medusa ransomware. The advisory is part of CISA’s ongoing #StopRansomware initiative, which flags ransomware variants and threat actors, as well as their observed tactics, techniques, and procedures.
Medusa is a ransomware-as-a-service provider first identified in June 2021, according to the advisory. As of February, Medusa has impacted over 300 victims from multiple critical infrastructure sectors and industries, including medical, education, legal, insurance, technology, and manufacturing.
Originally, Medusa operated as a closed ransomware variant where all development and associated operations were controlled by the same group of cyber threat actors. It has since shifted toward an affiliate model, where developers and affiliates — called “Medusa actors” — use a double extortion model “where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid,” according to the advisory.
The ransom note demands victims make contact within 48 hours through a browser-based live chat or an end-to-end encrypted instant messaging platform, according to the advisory. Victims can also be contacted directly by Medusa actors via phone or email if they do not respond to the ransom note.
Medusa also operates a data leak site, which shows victims alongside countdowns to the release of information, according to the advisory.
“Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets,” the advisory stated. “At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.”
How to protect your organization from Medusa ransomware
The FBI, CISA, and MS-ISAC recommended some actions organizations should take immediately to protect against Medusa ransomware threats:
- Require VPNs or jump hosts for remote access.
- Monitor for unauthorized scanning and access attempts.
- Require employees to use long passwords and consider not requiring frequently recurring password changes, which can weaken security.
- Require multi-factor authentication for all services to the extent possible, especially for Gmail and email, virtual private networks, and accounts that access critical systems.
- Keep all operating systems, software, and firmware up to date.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud).
- Segment networks to prevent the spread of ransomware.
- Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network.
Recent cyberattacks on critical infrastructure
In recent years, the federal government has doubled down on efforts to thwart global cybercrime, which has become increasingly widespread. Federal agencies have issued multiple advisories that warned against the threat of cyberattacks.
Cybercrime is a “significant and growing threat” to national and economic security, according to the Department of State. As people become more dependent on information and communication technologies, the department said more criminals continue to shift to online schemes.
Cyber crimes can range from intellectual property theft to ransomware, potentially costing businesses billions of dollars in losses and threatening critical sectors across the country, according to the Department of State.
The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic.
Several high-profile cyberattacks have made headlines in recent months. In March, 12 Chinese citizens were accused of cyber-hacking to steal data from the Treasury Department and other organizations worldwide.
In January, USA TODAY reported that a UnitedHealth data hack impacted 1 in 2 Americans. Hackers exposed or stole medical records from about 190 million people in February 2024.
Last October, federal prosecutors announced that two Sudanese citizens faced charges for running a guerrilla computer hacking group that sought to “declare cyberwar on the United States” by targeting the FBI, hospitals, Hulu, Netflix, CNN, Microsoft, Reddit, and X, among others.
Contributing: Bart Jansen, Krystal Nurse, and Minnah Arshad, USA TODAY