
FBI, CISA Warn of Widespread Medusa Ransomware Attacks

  • Published March 17, 2025

The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning about the growing threat of Medusa ransomware, a dangerous ransomware-as-a-service (RaaS) scheme impacting hundreds of organizations and individuals, The Associated Press reports.

In an advisory released earlier this week, officials detailed how Medusa, active since 2021, utilizes phishing campaigns as its primary method for stealing victim credentials and infiltrating systems.

Medusa developers and their affiliates, known as “Medusa actors,” employ a double extortion model. This involves encrypting victim data and threatening to publicly release exfiltrated sensitive information if a ransom demand is not met. The group operates a data-leak site where it lists victims and countdown timers indicating when stolen data will be released.

“Ransom demands are posted on the site, with direct hyperlinks to Medusa affiliated cryptocurrency wallets,” the advisory states. “At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.”

Since February, Medusa actors have targeted over 300 victims across a wide range of industries, including healthcare, education, legal, insurance, technology, and manufacturing.

To protect against Medusa and similar ransomware threats, the FBI and CISA recommend the following security measures:

  • Patching: Regularly patch operating systems, software, and firmware to address known vulnerabilities.
  • Multi-Factor Authentication (MFA): Implement MFA for all services, especially email and VPNs, to add an extra layer of security.
  • Strong Passwords: Utilize long, complex passwords. Avoid frequent password changes, as they can lead to the use of weaker, easily remembered passwords.