The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about Medusa, a ransomware-as-a-service operation that has been targeting organizations since 2021. A recent advisory highlighted that the ransomware has impacted hundreds of victims.
Medusa primarily spreads through phishing campaigns, tricking users into revealing their credentials, according to CISA. To mitigate the risk, officials recommend regularly updating operating systems, software, and firmware, as well as enabling multifactor authentication for email, VPNs, and other critical services.
Cybersecurity experts advise using long, complex passwords while cautioning against frequent mandatory password changes, which can inadvertently weaken security.
Medusa operates on a double-extortion model, encrypting victims’ data and threatening to leak it unless a ransom is paid. The group maintains a data-leak site where victims are listed alongside countdown timers for public data release. The ransomware operators also attempt to sell stolen data to third parties before the countdown expires. Additionally, victims can delay the release by paying $10,000 in cryptocurrency for each extra day.
Since February, Medusa has targeted over 300 organizations across multiple sectors, including healthcare, education, legal, insurance, technology, and manufacturing. Authorities urge businesses to strengthen their cybersecurity defenses to protect against this growing threat.
 have issued a warning about Medusa, a ransomware){kind=link}