
FBI & CISA Urge Immediate Action


Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. First detected in June 2021, the group has gained traction recently by using basic but effective methods — like phishing emails and exploiting outdated software — to break into systems and hold data hostage.

In a joint advisory released last week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urged businesses and institutions to take immediate steps to protect their systems. The warning is part of the government’s ongoing #StopRansomware initiative.

A growing ransomware-as-a-service business

Originally a closed operation, Medusa has now adopted a ransomware-as-a-service (RaaS) model. This means the developers provide the ransomware software to partners, known as “Medusa actors,” who carry out the attacks. These affiliates are often recruited from online criminal forums and are sometimes paid bonuses to work exclusively for Medusa.

“Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the advisory said.

Medusa actors often gain access to systems through phishing emails or by exploiting known vulnerabilities, such as CVE-2024-1709, which affects the ScreenConnect remote access tool, and CVE-2023-48788, a flaw in Fortinet products. Once inside, they encrypt files and demand ransoms. The group’s ransom notes give victims 48 hours to respond via a live chat or encrypted messaging platform.

If a victim does not respond, Medusa actors may escalate their extortion efforts, a tactic observed in other ransomware groups.

What makes Medusa particularly menacing is its public-facing data-leak site, which displays victims alongside countdown timers. Once the timer runs out, stolen data is either released or sold to the highest bidder. In some cases, victims are given the option to buy extra time — a single day’s delay may cost as much as $10,000 in cryptocurrency.

“As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing,” the advisory notes.

Medusa’s reach is global; past victims include Minneapolis Public Schools, where an attack in 2023 exposed sensitive information from over 100,000 students.

How to protect your organization from Medusa ransomware

The advisory urges organizations to take several key steps to protect themselves from Medusa. These include:

  • Ensuring that all operating systems, software, and firmware are regularly updated and patched.
  • Implementing multi-factor authentication across all services.
  • Using strong, unique passwords.

Additionally, CISA advises businesses to segment their networks to limit the spread of infections and filter network traffic to block unauthorized access attempts.

CISA is urging IT teams to review their #StopRansomware: Medusa Ransomware advisory for detailed detection methods and threat indicators.


