The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have warned Gmail and Microsoft Outlook users of an emerging ransomware threat called Medusa. The ransomware-as-a-service operation has been active since 2021 and has recently affected hundreds of people through phishing campaigns aimed at credential theft.
According to the guidance, ‘Medusa actors’ engage in double extortion, which involves encrypting the victims' data and threatening to release it unless a ransom is paid. Medusa runs a leak site where victims’ data is published alongside countdowns to possible exposure. The ransom demands include direct links to cryptocurrency wallets tied to Medusa. Furthermore, victims can delay the data release by paying US$10,000 worth of cryptocurrency for each extra day.
The FBI, CISA, and MS-ISAC suggest organisations protect against Medusa ransomware by adopting extensive cybersecurity procedures, including using VPNs for remote access, detecting unauthorised scanning activity, implementing multi-factor authentication on e-mail and critical accounts, and keeping software up to date. Organisations should also segment networks to hinder the spread of ransomware, develop an effective data recovery plan, and monitor the network for anomalous activity.
Authorities call on companies and individuals to be cautious, as Medusa remains a serious cybersecurity threat.