Cybersecurity Experts Caution About Potentially Expensive Medusa Ransomware Attacks

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a serious ransomware threat known as Medusa. This ransomware-as-a-service operation has been active since 2021 and has recently impacted hundreds of victims.

Medusa primarily uses phishing campaigns to steal login details from its targets. This method has proven effective, leading to significant breaches across various industries. Since February alone, Medusa has attacked more than 300 organizations, including those in healthcare, education, legal, insurance, technology, and manufacturing sectors.

The ransomware operates using a double extortion strategy. First, it encrypts the victim’s data, making it inaccessible. Then, the attackers threaten to release sensitive information publicly unless a ransom is paid. They even run a data-leak site that counts down to when the information will be released, adding pressure on victims.

Ransom demands are posted on this site, along with links to cryptocurrency wallets where payments can be made. Victims can also pay an additional $10,000 in cryptocurrency to extend the countdown by one day, which adds another layer of urgency to the situation.

To help protect against such attacks, officials recommend several measures. Keeping operating systems, software, and firmware updated is crucial. They also advise using multifactor authentication for email and VPN services. Experts suggest creating long passwords and caution against frequent password changes, which can actually weaken security.

As the threat landscape continues to evolve, staying informed and taking proactive steps is essential for individuals and organizations alike.