FBI and CISA Warn Email Users of Medusa Ransomware Threat

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent advisory warning users of popular email services, including Gmail and Outlook, about the Medusa ransomware. Active since 2021, Medusa has compromised over 300 organizations across critical sectors such as healthcare, education, legal, insurance, technology, and manufacturing.

Medusa operates on a double extortion model: it encrypts victims’ data and threatens to publicly release it unless a ransom is paid. The group primarily gains access through phishing emails and exploiting unpatched software vulnerabilities. Notably, Medusa maintains a data-leak site listing victims with countdowns to data release, offering to delay the timer for a $10,000 cryptocurrency payment.

To mitigate the risk of ransomware attacks like Medusa, the FBI and CISA recommend the following measures:

  • Enable Multifactor Authentication (MFA): Implement MFA for all services, including email and Virtual Private Networks (VPNs), to add an extra layer of security.
  • Regularly Update Systems: Ensure operating systems, software, and firmware are up to date with the latest patches to close known vulnerabilities.
  • Maintain Secure Backups: Store copies of critical data in secure, segmented locations such as external hard drives or offline backups to facilitate recovery in case of an attack.

The FBI and CISA advise against paying ransoms, as payment does not guarantee the recovery of files and may encourage further criminal activity. Victims are urged to report ransomware incidents to the FBI or CISA promptly.
