The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about an emerging ransomware threat, Medusa, which has been actively targeting organizations since 2021. The ransomware-as-a-service (RaaS) tool has recently impacted hundreds of victims, exploiting vulnerabilities at organizations across a variety of industries, including healthcare, technology, education, insurance, legal, and manufacturing.
According to the advisory, Medusa’s primary method of attack is through phishing campaigns aimed at stealing victims’ login credentials. Once those credentials are compromised, the malware encrypts critical data and holds it hostage, demanding a ransom for its release. In a particularly malicious twist, the attackers also engage in double extortion: in addition to encrypting files, they threaten to publicly release the stolen data unless the ransom is paid. This tactic is intended to increase pressure on the victim to comply.
To escalate the threat, Medusa operators maintain a dedicated data-leak site, where they display a countdown to the public release of exfiltrated data. Ransom demands are posted alongside direct links to cryptocurrency wallets affiliated with the attackers. In a shocking move, the group also offers victims the option to delay the data release for an additional day by paying a $10,000 fee in cryptocurrency. Furthermore, before the countdown ends, Medusa advertises the sale of stolen data to other interested parties.
Since February, over 300 organizations across various sectors have fallen victim to Medusa, underlining the widespread nature of this attack. To defend against the ransomware, CISA has strongly recommended patching operating systems, software, and firmware to close any security gaps. Additionally, they advise using multifactor authentication (MFA) for critical services, such as email and VPNs, and employing long, complex passwords. Experts also caution against frequent password changes, as this practice can inadvertently weaken security defenses.
As ransomware threats like Medusa continue to evolve, proactive cybersecurity measures have never been more important for organizations to safeguard sensitive data and systems.