Sunday, March 16, 2025

Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Risk

The Medusa ransomware gang continues to pose a serious threat to the critical infrastructure sector, according to a newly released joint advisory from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

As of February 2025, the Medusa ransomware operation, which we have previously detailed on the Tripwire State of Security blog, had hit over 300 organisations from a wide range of critical infrastructure sectors, with affected industries including education, health, legal, insurance, technology, and manufacturing.

Once hit by a Medusa ransomware attack, victims are told that they must pay a ransom to decrypt their files and to prevent them from being released onto the internet. This is known as a “double-extortion” attack, and it means that even if the victim organisation has backups and can recover the files that have been encrypted, it still faces the threat of having its sensitive data leaked if it refuses to pay the ransom.

If the victim refuses to pay, the stolen data may be leaked on Medusa’s dark web forum or sold to others, potentially causing reputational damage, legal penalties, and financial losses.

However, in the advisory the FBI notes that at least one victim of a Medusa ransomware attack found itself contacted by a separate Medusa ransomware affiliate, who claimed that a negotiator had stolen a ransom which had already been paid, and requested that half of the payment be made again in order to receive the “true decryptor.”

The advisory notes that this potentially indicates a “triple extortion” scheme.

In the joint cybersecurity advisory, organisations are advised to take action today to mitigate against the Medusa ransomware threat.

That advice includes:

  • Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
  • Segmenting networks to restrict lateral movement from initially infected devices to other devices in the same organisation.
  • Filtering network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.

Past victims of the Medusa ransomware have included the Minneapolis Public Schools (MPS) district, which refused to pay a million-dollar ransom and saw approximately 92 GB of its stolen data released to the public.

Other Medusa ransomware victims have included cancer centres and British high schools.

The Medusa ransomware group has also boasted about stealing Microsoft source code.


Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.
