FBI & CISA Urge Immediate Action


Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. First detected in June 2021, the group has gained traction recently by using basic but effective methods — like phishing emails and exploiting outdated software — to break into systems and hold data hostage.

In a joint advisory released last week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urged businesses and institutions to take immediate steps to protect their systems. The warning is part of the government’s ongoing #StopRansomware initiative.

A growing ransomware-as-a-service business

Originally a closed operation, Medusa has now adopted a ransomware-as-a-service (RaaS) model. This means the developers provide the ransomware software to partners, known as “Medusa actors,” who carry out the attacks. These affiliates are often recruited from online criminal forums and are sometimes paid bonuses to work exclusively for Medusa.

“Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the advisory said.

Medusa actors often gain access to systems through phishing emails or by exploiting known vulnerabilities, such as CVE-2024-1709, which affects the ScreenConnect remote access tool, and CVE-2023-48788, a flaw in Fortinet products. Once inside, they encrypt files and demand ransoms. The group’s ransom notes give victims 48 hours to respond via a live chat or encrypted messaging platform.

If a victim does not respond, Medusa actors may escalate their extortion efforts, a tactic observed in other ransomware groups.

What makes Medusa particularly menacing is its public-facing data-leak site, which displays victims alongside countdown timers. Once the timer runs out, stolen data is either released or sold to the highest bidder. In some cases, victims are given the option to buy extra time — a single day’s delay may cost as much as $10,000 in cryptocurrency.

“As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing,” the advisory notes.

Medusa’s reach is global; past victims include Minneapolis Public Schools, where an attack in 2023 exposed sensitive information from over 100,000 students.

How to protect your organization from Medusa ransomware

The advisory urges organizations to take several key steps to protect themselves from Medusa. These include:

  • Ensuring that all operating systems, software, and firmware are regularly updated and patched.
  • Implementing multi-factor authentication across all services.
  • Using strong, unique passwords.

Additionally, CISA advises businesses to segment their networks to limit the spread of infections and filter network traffic to block unauthorized access attempts.

CISA is urging IT teams to review their #StopRansomware: Medusa Ransomware advisory for detailed detection methods and threat indicators.


