Medusa Ransomware Attack: Expert Warning to Stay Protected

Federal agencies have warned the public about a dangerous ransomware scheme known as Medusa. The threat has already impacted more than 300 victims across multiple critical infrastructure sectors and industries, including medical, education, legal, insurance, technology, and manufacturing.

Medusa operates as a ransomware-as-a-service provider that demands victims contact them within 48 hours through a browser-based live chat or an end-to-end encrypted instant messaging platform. Victims can also be contacted directly by Medusa actors via phone or email if they do not respond to the ransom note.

To protect your organization from Medusa ransomware, experts recommend:

* Requiring VPNs or jump hosts for remote access
* Monitoring for unauthorized scanning and access attempts
* Using long passwords and not requiring frequent password changes
* Enabling multi-factor authentication for all services
* Keeping operating systems, software, and firmware up to date
* Implementing a recovery plan with multiple copies of sensitive data
* Segregating networks to prevent the spread of ransomware

Cybercrime is a significant threat to national security, with cyberattacks on critical infrastructure becoming increasingly common. Recent high-profile incidents include data hacks at UnitedHealth and the Treasury Department, highlighting the need for vigilance against such threats.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are working together to share information about Medusa ransomware and provide guidance on how to protect against it.

Source: https://eu.usatoday.com/story/news/nation/2025/03/16/medusa-ransomware-cyberattacks-officials-warning/82478232007