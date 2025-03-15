Nation & World News
Nation & World News

Cybersecurity officials warn against potentially costly Medusa ransomware attacks

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning email users against a dangerous ransomware scheme
FILE - This June 14, 2018 file photo shows an FBI seal on a podium before a news conference at the agency's headquarters in Washington. (AP Photo/Jose Luis Magana, File)

Credit: AP

Credit: AP

FILE - This June 14, 2018 file photo shows an FBI seal on a podium before a news conference at the agency's headquarters in Washington. (AP Photo/Jose Luis Magana, File)
By SARAH PARVINI – Associated Press
1 hour ago

LOS ANGELES (AP) — The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme.

In an advisory posted earlier this week, government officials warned that a ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. Medusa uses phishing campaigns as its main method for stealing victims' credentials, according to CISA.

To protect against the ransomware, officials recommended patching operating systems, software and firmware, in addition to using multifactor authentication for all services such as email and VPNs. Experts also recommended using long passwords, and warned against frequently recurring password changes because they can weaken security.

Medusa developers and affiliates — called “Medusa actors” — use a double extortion model, where they “encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid,” the advisory said. Medusa operates a data-leak site that shows victims alongside countdowns to the release of information.

“Ransom demands are posted on the site, with direct hyperlinks to Medusa affiliated cryptocurrency wallets,” the advisory said. “At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.”

Since February, Medusa developers and affiliates have hit more than 300 victims across industries, including the medical, education, legal, insurance, technology and manufacturing sectors, CISA said.

More Stories

Keep Reading

A judge's gavel rests on a book of law. (Dreamstime/TNS)

Credit: TNS

Former Mohawk exec sentenced to more than 7 years in fraud case

A former Mohawk Industries executive who pleaded guilty in a fraud case has been sentenced to more than seven years in prison, federal prosecutors said Friday.

Don't click on those road toll texts. Officials issue warnings about the smishing scam

Elon Musk claims X being targeted in 'massive cyberattack' as service goes down

The Latest

Smoke rises from a location reportedly struck by U.S. airstrikes in Sanaa, Yemen, Saturday, March 15, 2025. (AP Photo/Osamah Abdulrahman

Credit: AP

Trump orders strikes on Iran-backed Houthi rebels in Yemen and issues new warning

10m ago

Monster storm across the US sparks scores of tornadoes and fire, killing at least 17

13m ago

Chicago dyes its river bright green as it opens St. Patrick's Day celebrations

14m ago

Featured

State Rep. Kimberly New, R-Villa Rica, stands in the House of Representatives during Crossover Day at the Capitol in Atlanta on Thursday, March 6, 2025. (Arvin Temkar/AJC)

Credit: Arvin Temkar/AJC

Georgia election bill replaced in late-night maneuver, an attempt to change voting laws

A short elections bill advancing through the Georgia General Assembly is a "vehicle" for bigger potential changes to voting laws.

10K-square-foot mystery restaurant planned for CNN Center reboot

The owners of the Center, formerly known as CNN Center, announced that a high-end restaurant tenant had been secured as the downtown Atlanta building is redeveloped.

Tent-slashing raises questions about Old Wheat Street encampment sweep

Caseworkers faced threats from suspect Daniel Barnett before a January sweep ended in Taylor’s death. Could officials have acted sooner?