The Medusa ransomware gang continues to pose a serious threat to the critical infrastructure sector, according to a newly released joint advisory from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
As of February 2025, the Medusa ransomware operation, which we have previously detailed on the Tripwire State of Security blog, had hit over 300 organisations from a wide range of critical infrastructure sectors, with affected industries including education, healthcare, legal, insurance, technology, and manufacturing.
Once hit by a Medusa ransomware attack, victims are told that they must pay a ransom to decrypt their files and to prevent them from being released onto the internet. This is known as a “double-extortion” attack, and it means that even if the victim organisation has backups and can recover the files that have been encrypted, it still faces the threat of having its sensitive data leaked if it refuses to pay the ransom.
If the victim refuses to pay, the stolen data may be leaked on Medusa’s dark web forum or sold to others, potentially causing reputational damage, legal penalties, and financial losses.
However, in the advisory the FBI notes that at least one victim of a Medusa ransomware attack found itself contacted by a separate Medusa ransomware affiliate who claimed that a negotiator had stolen a ransom which had already been paid, and requested that half of the payment be made again in order to receive the “true decryptor.”
The advisory notes that this potentially indicates a “triple extortion” scheme.
In the joint cybersecurity advisory, organisations are advised to take action today to mitigate against the Medusa ransomware threat.
That advice includes:
- Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
- Segmenting networks to restrict lateral movement from initially infected devices to other devices in the same organisation.
- Filtering network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
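The second and third recommendations above (segmentation and filtering of access to remote services) can be checked against real traffic, not just configured. The following is an added example written for this article, not code from the advisory or from Tripwire: it runs an allow-list policy over a handful of constructed flow records and flags any connection to a remote-service port (RDP, SMB, SSH, WinRM) on an internal host that did not come from a trusted admin or jump-host subnet. The port set, the trusted subnets (`10.10.0.0/24`, `10.99.1.0/29`) and the internal ranges are assumptions for the example; in practice they come from the organisation’s own network inventory.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Remote-service ports the advisory's filtering guidance is aimed at.
# The exact set is an assumption for this example; tune it to the environment.
REMOTE_SERVICE_PORTS = {
    3389: "RDP",
    445: "SMB",
    22: "SSH",
    5985: "WinRM-HTTP",
    5986: "WinRM-HTTPS",
}

# Origins permitted to reach remote services on internal hosts
# (hypothetical admin-workstation and jump-host subnets for this example).
TRUSTED_ORIGINS = [
    ipaddress.ip_network("10.10.0.0/24"),  # admin workstations
    ipaddress.ip_network("10.99.1.0/29"),  # jump hosts
]

# Internal address space being protected (hypothetical).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass
class Flow:
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record: 'src dst dport proto'."""
    src, dst, dport, proto = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto.lower())


def is_trusted(addr) -> bool:
    return any(addr in net for net in TRUSTED_ORIGINS)


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def find_violations(lines):
    """Return (flow, service) pairs where a non-trusted origin reached a
    remote service on an internal host. Both external sources and untrusted
    internal peers are flagged, so lateral movement attempts show up too."""
    violations = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if flow.proto != "tcp" or flow.dport not in REMOTE_SERVICE_PORTS:
            continue  # not a remote-service connection we police
        if not is_internal(flow.dst):
            continue  # destination is outside the protected space
        if is_trusted(flow.src):
            continue  # allowed origin
        violations.append((flow, REMOTE_SERVICE_PORTS[flow.dport]))
    return violations


def summarize(lines):
    """Human-readable one-liners for each violation."""
    return [f"{f.src} -> {f.dst}:{f.dport} ({svc})" for f, svc in find_violations(lines)]


# Constructed sample flow records (src dst dport proto); not real traffic.
SAMPLE_FLOWS = """
10.10.0.15 10.20.5.7 3389 tcp
203.0.113.42 10.20.5.7 3389 tcp
10.20.5.9 10.20.5.7 445 tcp
10.99.1.3 10.20.5.8 5985 tcp
10.20.5.9 10.20.5.7 443 tcp
198.51.100.9 10.20.5.10 22 tcp
""".strip().splitlines()

if __name__ == "__main__":
    for v in summarize(SAMPLE_FLOWS):
        print("ALERT", v)
```

On the constructed sample this flags three flows: RDP from an external address, SSH from another external address, and SMB between two ordinary internal hosts. The last one is the segmentation case: the origin is inside the network but not on an allow-listed subnet. A real deployment would add legitimate SMB servers as permitted destinations rather than widening the trusted-origin list.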
Past victims of the Medusa ransomware have included the Minneapolis Public Schools (MPS) district, which refused to pay a million-dollar ransom and saw roughly 92 GB of its stolen data released to the public.
Other Medusa ransomware victims have included cancer centres and British high schools.
The Medusa ransomware group has also boasted about stealing Microsoft source code.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.