The FBI and CISA have issued a joint alert warning of the growing threat of Medusa ransomware attacks. Medusa is a ransomware-as-a-service (RaaS) variant that targets critical infrastructure sectors, including healthcare, technology, manufacturing, and insurance.
Operated through an affiliate model with a wide reach, Medusa has already impacted over 300 victims since its emergence in 2021. Affiliates demand ransoms ranging from $100,000 to $15 million, often using double extortion tactics that involve stealing data before encrypting victim networks.
To spread, Medusa developers use initial access brokers (IABs) and phishing campaigns, while affiliates employ living-off-the-land techniques, using legitimate tools for reconnaissance and lateral movement. Experts stress the importance of deploying software patches, segmenting networks, and blocking access from unknown or untrusted sources.
Organizations should adopt an ‘assumed breach’ mindset, prioritizing detection, response, and recovery over prevention. This approach emphasizes the need for swift action in the face of potential breaches, shifting focus from preventing them entirely to mitigating their impact.
Source: https://www.darkreading.com/cyberattacks-data-breaches/fbi-cisa-alarmed-medusa-ransomware-attacks-grow