The U.S. Cybersecurity and Infrastructure Security Agency and the FBI are alerting the public to a risky ransomware campaign.

In an advisory published earlier this week, government officials cautioned that hundreds of users have recently been affected by Medusa, a ransomware-as-a-service program that has been launching ransomware attacks since 2021. According to CISA, Medusa mostly uses phishing campaigns to acquire users’ login credentials.
To defend against the ransomware, officials advised patching operating systems, software, and firmware, and implementing multifactor authentication for all services, including VPNs and email. Additionally, experts advised using long passwords and cautioned against changing them too often, as this can compromise security.
Since February, Medusa developers and affiliates have harmed over 300 people in a variety of industries, including manufacturing, legal, insurance, education, healthcare, and technology, according to CISA.
According to the advisory, Medusa developers and affiliates, also known as “Medusa actors,” employ a double extortion strategy in which they “encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid.” Medusa runs a data-leak website that lists victims alongside countdown timers to the release of their information.
According to the advisory, “the website posts ransom demands along with direct hyperlinks to cryptocurrency wallets affiliated with Medusa.” Before the countdown timer expires, Medusa simultaneously offers the data for sale to interested parties. In addition, victims can add a day to the countdown timer by paying $10,000 USD in cryptocurrency.
