- FBI, CISA, and MS-ISAC publish new report on Medusa ransomware
- They claim the group struck hundreds of critical infrastructure firms
- Agencies share advice on how to stay safe
Hundreds of critical infrastructure targets have fallen victim to Medusa ransomware over the last four years, a new US government report has warned, urging organizations to apply known mitigations and minimize the risk of an attack.
The Federal Bureau of Investigation, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), have issued a joint report saying more more than 300 organizations in the critical infrastructure sector have already fallen prey to the infamous group
“As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing,” the report says. “FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents.”
Mitigating risks
The recommendations include mitigating known vulnerabilities and making sure operating systems, software, and firmware are patched on time, segmenting networks to hinder attempts at lateral movement, and filtering network traffic by blocking access from untrusted origins.
Medusa first emerged in 2021, but since it was originally intended to be a closed ransomware variant, its success was somewhat limited. A few years later, the operation evolved into a Ransomware-as-a-Service (RaaS) with an affiliate model, which propelled it into one of the most dangerous variants out there.
“Medusa developers typically recruit initial access brokers (IABs) in cybercriminal forums and marketplaces to obtain initial access to potential victims,” the report claims. “Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa.”
Some of the more notable victims include the Minneapolis Public School District, which suffered a significant breach resulting in the exposure of sensitive information such as psychological reports and abuse allegations. Other affected sectors encompass healthcare, manufacturing, technology, legal, insurance, and education industries.
Via BleepingComputer
Leave a comment