FBI, CISA Warn of Surge in Medusa Ransomware Threats

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory regarding the escalating threat of Medusa ransomware, which has impacted over 300 victims since its emergence in 2021. Medusa operates under a ransomware-as-a-service model, employing phishing campaigns to steal credentials and utilizing a double extortion strategy where they encrypt data and threaten public release unless a ransom is paid. The advisory details that Medusa maintains a data-leak site on the dark web, displaying countdowns for when stolen information will be made public and providing links to cryptocurrency wallets for ransom payments. Federal officials recommend organizations take immediate protective measures, including patching software vulnerabilities and implementing multi-factor authentication. The advisory highlights that Medusa's activities have significantly broadened, affecting key sectors such as medical, education, and technology. Experts caution that the number of victims may be higher than reported as the group continues to evolve and adapt its tactics.