Cybersecurity officials warn against potentially costly Medusa ransomware attacks

LOS ANGELES (AP) — The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are informing against a unsafe ransomware scheme.

In an advisory posted earlier this week, authorities officials warned that a ransomware-as-a-service bundle called Medusa, which has launched ransomware attacks since 2021, has precocious affected hundreds of people. Medusa uses phishing campaigns arsenic its main method for stealing victims' credentials, according to CISA.

To support against the ransomware, officials recommended patching operating systems, bundle and firmware, successful summation to utilizing multifactor authentication for each services specified arsenic email and VPNs. Experts besides recommended utilizing agelong passwords, and warned against often recurring password changes due to the fact that they tin weaken security.

Medusa developers and affiliates — called “Medusa actors” — usage a treble extortion model, wherever they “encrypt unfortunate information and endanger to publically merchandise exfiltrated information if a ransom is not paid,” the advisory said. Medusa operates a data-leak tract that shows victims alongside countdowns to the merchandise of information.

“Ransom demands are posted connected the site, with nonstop hyperlinks to Medusa affiliated cryptocurrency wallets,” the advisory said. “At this stage, Medusa concurrently advertises merchantability of the information to funny parties earlier the countdown timer ends. Victims tin additionally wage $10,000 USD successful cryptocurrency to adhd a time to the countdown timer.”

Since February, Medusa developers and affiliates person deed much than 300 victims crossed industries, including the medical, education, legal, insurance, exertion and manufacturing sectors, CISA said.