Thursday, March 13, 2025

Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Menace


The Medusa ransomware gang continues to pose a serious threat to the critical infrastructure sector, according to a newly released joint advisory from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

As of February 2025, the Medusa ransomware operation, which we have previously detailed on the Tripwire State of Security blog, had hit over 300 organisations from a variety of critical infrastructure sectors, with affected industries including education, health, legal, insurance, technology, and manufacturing.

Once hit by a Medusa ransomware attack, victims are told that they must pay a ransom to decrypt their files and to prevent them from being released onto the internet. This is known as a “double-extortion” attack, and it means that even if the victim organisation has backups and can recover the files that have been encrypted, it still faces the threat of having its sensitive data leaked if it refuses to pay the ransom.

If the victim refuses to pay, the stolen data may be leaked on Medusa’s dark web forum or sold to others, potentially causing reputational damage, legal consequences, and financial losses.

However, in the advisory the FBI notes that at least one victim of a Medusa ransomware attack found itself contacted by a separate Medusa ransomware affiliate who claimed that a negotiator had stolen a ransom which had already been paid, and requested that half of the payment be made again in order to receive the “true decryptor.”

The advisory notes that this potentially indicates a “triple extortion” scheme.

In the joint cybersecurity advisory, organisations are advised to take action today to mitigate against the Medusa ransomware threat.

That advice includes:

  • Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
  • Segmenting networks to restrict lateral movement between initially infected devices and other devices in the same organisation.
  • Filtering network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
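As an added illustration of the third point (this is example code, not part of the advisory or the original article), the PowerShell below shows a Windows Firewall configuration that leaves remote services open to any source, beside a corrected version that allows them only from an administrative subnet. The subnet 10.0.10.0/24, the rule names and the port list (RDP on 3389, WinRM on 5985/5986) are assumptions chosen for the example.

```powershell
# Added example (not from the advisory or the article): scoping remote-service
# access on a Windows host. The subnet 10.0.10.0/24, the rule names and the
# port list are assumptions for illustration.

# --- Weak setting (kept commented so it is not applied): the built-in RDP rule
# --- group and a broad WinRM rule accept inbound traffic from any remote
# --- address, which is the exposure the "filter network traffic" advice targets.
# Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
# New-NetFirewallRule -DisplayName "WinRM (any source)" -Direction Inbound `
#     -Protocol TCP -LocalPort 5985,5986 -RemoteAddress Any -Action Allow

# --- Corrected setting: default-deny inbound, remove the broad rules, then
# --- allow the remote services only from the assumed administrative subnet.
$AdminSubnet = "10.0.10.0/24"      # assumption: where administrators connect from
$RemotePorts = 3389, 5985, 5986    # assumption: RDP and WinRM

Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

Get-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule
Get-NetFirewallRule -DisplayName "WinRM (any source)" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

New-NetFirewallRule -DisplayName "Remote services from admin subnet only" `
    -Direction Inbound -Protocol TCP -LocalPort $RemotePorts `
    -RemoteAddress $AdminSubnet -Action Allow -Profile Domain,Private

# Check: list every enabled inbound allow rule that still exposes one of the
# remote-service ports to "Any" remote address, so leftover broad rules can be
# reviewed and removed.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        $scope = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        ($ports | Where-Object { $RemotePorts -contains $_ }) -and ($scope -contains "Any")
    } |
    Select-Object DisplayName, Profile
```

The final query is the part worth keeping in a scheduled check: an empty result means no enabled inbound rule grants the remote-service ports to arbitrary sources, while any row it returns is a rule that reintroduces the exposure and should be scoped or removed.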

Previous victims of the Medusa ransomware have included the Minneapolis Public Schools (MPS) district, which refused to pay a million-dollar ransom and saw roughly 92 GB of its stolen data released to the public.

Other Medusa ransomware victims have included cancer centres and British high schools.

The Medusa ransomware group has also boasted about stealing Microsoft source code.


Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.


