The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have issued a warning about a dangerous ransomware operation known as Medusa. According to a recent advisory, this ransomware-as-a-service software has been targeting individuals since 2021 and has impacted a significant number of people. Medusa primarily utilizes phishing campaigns to steal victims’ credentials, as stated by CISA.
To safeguard against this ransomware threat, officials advise updating operating systems, software, and firmware, as well as implementing multi-factor authentication for all services like email and VPNs. It is also recommended to use lengthy passwords and to avoid frequent password changes, which could compromise security.
The developers and affiliates of Medusa, referred to as “Medusa actors,” employ a strategy known as double extortion. This involves encrypting victim data and threatening to publicly release the information unless a ransom is paid promptly. Medusa operates a data-leak site that displays victims’ information along with countdowns indicating when the data will be released.
The advisory further mentions that ransom demands are posted on the site, with direct links to Medusa-affiliated cryptocurrency wallets. Medusa also offers victims the option to extend the countdown timer by paying $10,000 USD in cryptocurrency. Since February, Medusa developers and affiliates have targeted over 300 victims spanning various sectors, including healthcare, education, legal, insurance, technology, and manufacturing, according to CISA.
