The FBI is issuing an alert over an ongoing ransomware campaign known as “Medusa” that’s hit hundreds of victims.
Medusa is a type of malicious software first discovered in 2021 that encrypts its victims’ files before demanding a ransom in exchange for a decryption key.
Medusa actors typically gain initial access through deceptive phishing emails designed to steal credentials or by exploiting unpatched software vulnerabilities, such as flaws in Microsoft Exchange Server or Fortinet products.
Medusa has left a trail of significant breaches across critical infrastructure sectors. Notable victims include the Minneapolis Public Schools district, which in 2023 saw 92 GB of sensitive student data leaked after refusing to pay a $1 million ransom. Other targets have included cancer centers, British high schools and government entities in places like Tonga, France and the Philippines.
Both the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are issuing an advisory notice on the spread of Medusa.
“Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.”
In a statement to Newsweek, CISA said that in one particular case, after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the “true decryptor” in what the agency describes as a potential “triple extortion scheme.”
Speaking with Forbes, Google spokesperson Ross Richendrfer says the most important thing hacking victims can do is act quickly – ideally within Google’s one-week grace period following any recovery phone number change that allows the user to regain control of the account.
Richendrfer recommends that Google users already have a recovery phone number and email attached to their account.
“These can be used in cases where users forget their own passwords [or] if an attacker changes the credentials after hijacking the account…
“When you change your recovery email… you may choose to get sign-in codes sent to your previous recovery email for one week.”