
US cybersecurity officials are raising concerns over the growing threat of Medusa ransomware, a dangerous cyberattack scheme that has been wreaking havoc on multiple industries.
Since its emergence in 2021, Medusa has expanded its reach, affecting hundreds of organizations, particularly in critical sectors like healthcare, education, legal, insurance, technology, and manufacturing.
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory warning the public about Medusa's recent activities.
According to AP, Medusa operates as a ransomware-as-a-service platform, which has allowed cybercriminals to exploit it for attacks on various sectors. As of February 2023, Medusa had already affected over 300 victims globally.
According to the advisory, Medusa actors use a double extortion model in their attacks. They first encrypt the victim's data, then threaten to release sensitive information unless the ransom is paid.
Medusa also operates a data-leak site, where victims' data is displayed alongside a countdown timer indicating when the data will be publicly released. Victims who wish to delay the release can pay a $10,000 ransom in cryptocurrency to add a day to the countdown.
FBI Warns of Medusa Ransomware's Growing Threat to US Networks
The attack often begins with phishing campaigns, where cybercriminals use deceptive emails to steal credentials.
Once inside the network, Medusa encrypts data and demands payment, typically in cryptocurrency, to prevent the data from being exposed.
The ransom notes demand that victims contact the attackers within 48 hours via encrypted messaging platforms. If the victims fail to respond, Medusa actors may contact them directly by phone or email.
In light of the growing threat, cybersecurity agencies have recommended several steps to protect against Medusa ransomware.
These measures include requiring multi-factor authentication (MFA) for all services, keeping operating systems and software up to date, and using long, complex passwords.
Officials also advised organizations to implement recovery plans, ensure remote access is secured through VPNs, and monitor for abnormal network activity, USA Today said.
Medusa is part of a larger trend of escalating cyber threats, particularly targeting critical infrastructure sectors.
Cybercrime has become a growing concern for national and economic security, with incidents of data breaches and ransomware attacks increasing dramatically in recent years.
The FBI's data suggests that cybercrime incidents surged by 400% during the COVID-19 pandemic, underscoring the urgency of improving cybersecurity defenses.
As the threat of Medusa ransomware continues to grow, experts stress the importance of proactive measures to protect against cyberattacks that could disrupt businesses and compromise sensitive data.