- FBI, CISA and MS-ISAC publish new report on Medusa ransomware
- They claim the group hit hundreds of critical infrastructure companies
- Agencies share advice on how to stay safe
Hundreds of critical infrastructure targets have fallen victim to Medusa ransomware over the past four years, a new US government report has warned, calling on organizations to apply known mitigations and minimize the risk of an attack.
The Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint report saying more than 300 organizations in the critical infrastructure sector have already fallen victim to the notorious group.
“As of February 2025, Medusa developers and affiliated companies have affected over 300 victims from a number of critical infrastructure sectors with affected industries, including medical, education, legal, insurance, technology and manufacturing,” the report said. “The FBI, CISA and MS-ISAC encourage organizations to implement the recommendations in the mitigation section of this advisory to reduce the likelihood and impact of Medusa ransomware events.”
Mitigating the risks
The recommendations include mitigating known vulnerabilities by ensuring that operating systems, software and firmware are patched on time, segmenting networks to restrict lateral movement attempts, and filtering network traffic by blocking access from untrusted origins.
Medusa first appeared in 2021, but because it was originally a closed ransomware variant, its success was somewhat limited. A few years later, the operation evolved into a Ransomware-as-a-Service (RaaS) with an affiliate model, which propelled it to become one of the most dangerous variants out there.
“Medusa developers typically recruit initial access brokers (IABs) in cyber criminal forums and marketplaces to gain initial access to potential victims,” the report claims. “Potential payments between $100 USD and $1 million USD are offered to these affiliated companies with the opportunity to work exclusively for Medusa.”
Some of the more notable victims include the Minneapolis Public School District, which suffered a significant breach that exposed sensitive information such as psychological reports and allegations of abuse. Other affected sectors include healthcare, manufacturing, technology, legal, insurance and education.
Via BleepingComputer