U.S. Officials Warn of Costly Medusa Ransomware Attacks

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about an escalating ransomware threat, Associated Press journalist Sarah Parvini reported.

"Medusa actors" use a double extortion model: they encrypt victims' data and then threaten to publicly release stolen information unless a ransom is paid.

In an advisory posted earlier this week, officials cautioned that a ransomware-as-a-service group known as Medusa—which has been active since 2021—has launched attacks affecting hundreds of victims.

Medusa primarily relies on phishing campaigns to steal user credentials, CISA revealed.

To mitigate the risk, officials recommend patching operating systems, software, and firmware, as well as implementing multifactor authentication (MFA) for email, VPNs, and other critical services.

Cybersecurity experts also advise using strong, long passwords and warn against frequent mandatory password changes, as they can inadvertently weaken security.

Medusa's developers and affiliates—referred to as "Medusa actors"—use a double extortion model: they encrypt victims' data and then threaten to publicly release stolen information unless a ransom is paid.

Medusa operates a data leak site where victims are listed alongside countdown timers for the release of their data.

“Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets,” the advisory stated.

“At this stage, Medusa concurrently advertises the data for sale to interested buyers before the countdown timer expires. Victims also have the option to delay publication by paying an additional $10,000 in cryptocurrency for each extra day.”

The FBI and CISA urge organizations and individuals to remain vigilant, as ransomware attacks continue to grow in sophistication and financial impact.