Experts caution on expensive Medusa ransomware threats

    LOS ANGELES — The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have issued a ransomware alert highlighting the threat posed by a scheme known as Medusa. This ransomware-as-a-service software has been used in attacks since 2021 and has recently targeted hundreds of individuals. Medusa primarily employs phishing to steal victims’ credentials, according to CISA.

    To safeguard against this ransomware, authorities advise ensuring that operating systems, software, and firmware are regularly updated and patched. Additionally, the implementation of multifactor authentication across services such as email and VPNs is recommended. Security experts further suggest the use of strong, lengthy passwords and caution against frequent password changes, which might inadvertently compromise security.

    The developers and affiliates behind Medusa, also known as “Medusa actors,” operate using a double extortion model. They encrypt victims’ data and threaten to publicly release the exfiltrated data if a ransom is not paid, as outlined in the advisory. Medusa maintains a data-leak website where it lists victims alongside countdowns to potential data releases.

    The advisory explains that ransom demands are displayed on this site with direct links to cryptocurrency wallets affiliated with Medusa. At this stage, Medusa also advertises the data for sale to interested parties before the countdown expires. Additionally, victims have the option to pay $10,000 in cryptocurrency to extend the release countdown by another day.

    As reported by CISA, since February, Medusa developers and their affiliates have attacked over 300 victims spanning various industries. These sectors include, but are not limited to, healthcare, education, legal, insurance, technology, and manufacturing.