FBI & CISA Urge Immediate Action


Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. First detected in June 2021, the group has gained traction recently by using basic but effective methods — like phishing emails and exploiting outdated software — to break into systems and hold data hostage.

In a joint advisory released last week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urged businesses and institutions to take immediate steps to protect their systems. The warning is part of the government’s ongoing #StopRansomware initiative.

A growing ransomware-as-a-service business

Originally a closed operation, Medusa has now adopted a ransomware-as-a-service (RaaS) model. This means the developers provide the ransomware software to partners, known as “Medusa actors,” who carry out the attacks. These affiliates are often recruited from online criminal forums and are sometimes paid bonuses to work exclusively for Medusa.

“Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the advisory said.

Medusa actors often gain access to systems through phishing emails or by exploiting known vulnerabilities, such as CVE-2024-1709, which affects the ScreenConnect remote access tool, and CVE-2023-48788, a flaw in Fortinet products. Once inside, they encrypt files and demand ransoms. The group’s ransom notes give victims 48 hours to respond via a live chat or encrypted messaging platform.

If a victim does not respond, Medusa actors may escalate their extortion efforts, a tactic observed in other ransomware groups.

What makes Medusa particularly menacing is its public-facing data-leak site, which displays victims alongside countdown timers. Once the timer runs out, stolen data is either released or sold to the highest bidder. In some cases, victims are given the option to buy extra time — a single day’s delay may cost as much as $10,000 in cryptocurrency.

“As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing,” the advisory notes.

Medusa’s reach is global; past victims include Minneapolis Public Schools, where an attack in 2023 exposed sensitive information from over 100,000 students.

How to protect your organization from Medusa ransomware

The advisory urges organizations to take several key steps to protect themselves from Medusa. These include:

  • Ensuring that all operating systems, software, and firmware are regularly updated and patched.
  • Implementing multi-factor authentication across all services.
  • Using strong, unique passwords.

Additionally, CISA advises businesses to segment their networks to limit the spread of infections and filter network traffic to block unauthorized access attempts.

CISA is urging IT teams to review the #StopRansomware: Medusa Ransomware advisory for detailed detection methods and threat indicators.


