LOS ANGELES (AP) – The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme.
In an advisory posted earlier this week, government officials warned that ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. According to CISA, Medusa uses phishing campaigns as its primary method of stealing victims’ credentials.
To protect against the ransomware, officials recommended patching operating systems, software and firmware, in addition to using multifactor authentication for all services such as email and VPNs. Experts also recommended using long passwords and warned against frequent, recurring password changes because they can weaken security.
Medusa developers and affiliates (known as “Medusa actors”) use a double extortion model in which, the advisory said, they threaten to encrypt victim data and publish exfiltrated data if no ransom is paid. Medusa runs a data leak site that shows victims alongside countdowns to the release of their information.
“The ransom demand is posted on the site and there is a direct hyperlink to cryptocurrency wallets associated with Medusa,” the advisory said. “At this stage, Medusa will simultaneously promote the sale of data to stakeholders before the countdown timer ends. Victims can also pay USD 10,000 in cryptocurrency to add one day to the countdown timer.”
Since February, Medusa developers and affiliates have hit more than 300 victims across a range of industries, including the healthcare, education, legal, insurance, technology and manufacturing sectors.