The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have issued a warning about a dangerous ransomware scheme known as Medusa. According to a recent advisory, the ransomware-as-a-service software has been targeting individuals since 2021 and has impacted hundreds of people. Medusa utilizes phishing campaigns to steal victims’ credentials, as reported by CISA.
To safeguard against this ransomware threat, officials suggest applying patches to operating systems, software, and firmware, as well as implementing multifactor authentication for services like email and VPNs. Experts also advise using strong, lengthy passwords and caution against frequent password changes, which can compromise security.
The advisory detailed that Medusa developers and affiliates, known as “Medusa actors,” employ a double extortion strategy by encrypting victim data and threatening to publicly disclose stolen information unless a ransom is paid. Medusa operates a data-leak site that showcases victims and includes countdowns for data release. Ransom demands are displayed on the site with direct links to affiliated cryptocurrency wallets. Additionally, victims have the option to extend the countdown by paying $10,000 USD in cryptocurrency.
Since February, Medusa developers and affiliates have targeted over 300 victims in various industries, such as medical, education, legal, insurance, technology, and manufacturing sectors, according to CISA.
