Medusa ransomware: CISA issues email security warning


The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning email users against a dangerous ransomware scheme.

A ransomware-as-a-service variant called Medusa has been used to conduct ransomware attacks since 2021.

Here’s what to know about it: 

What is Medusa ransomware?

Big picture view:

Medusa uses what’s referred to as a double extortion model, meaning its operators encrypt victim data and then threaten to publicly release exfiltrated data if a ransom is not paid.

The ransom note demands victims make contact within 48 hours, and if the victim does not respond to the ransom note, Medusa actors will reach out to them directly by phone or email.

Additionally, victims can pay $10,000 in cryptocurrency to add a day to the countdown timer. 

Dig deeper:

Medusa uses phishing campaigns as its main method for stealing victims' credentials, according to CISA. 

What is phishing?

Phishing is an online scam enticing users to share private information using deceitful or misleading tactics, according to CISA. 

Why you should care:

Falling victim to a phishing scam can result in financial theft. 

In the case of Medusa ransomware, victims must pay to decrypt files and to prevent further release of their data by Medusa actors.


CISA warning

The Cybersecurity and Infrastructure Security Agency and FBI issued an advisory last week about Medusa ransomware as part of their ongoing campaign to stop ransomware. 

Dig deeper:

The advisories include recently and historically observed tactics, techniques, and procedures to help cyber security experts better protect against ransomware.



By the numbers:

CISA said more than 300 victims from a variety of sectors, including medical, education, legal, insurance, technology, and manufacturing, have been identified as of February 2025. 

What you can do:

To protect against the ransomware, officials recommended patching operating systems, software and firmware, in addition to using multifactor authentication for all services such as email and VPNs. 

Experts also recommended using long passwords, and warned against frequently recurring password changes because they can weaken security.

The Source: Information in this article was obtained from a March 12, 2025, press release from the U.S. Cybersecurity and Infrastructure Security Agency. 
