In an advisory posted earlier this week, government officials
warned that a ransomware-as-a-service software called Medusa,
which has launched ransomware attacks since 2021, has recently
affected hundreds of people. Medusa uses phishing campaigns as
its main method for stealing victims' credentials, according to
CISA.
To protect against the ransomware, officials recommended
patching operating systems, software and firmware, in addition
to using multifactor authentication for all services such as
email and VPNs. Experts also recommended using long passwords,
and warned against frequently recurring password changes because
they can weaken security.
Medusa developers and affiliates — called “Medusa actors” — use
a double extortion model, where they “encrypt victim data and
threaten to publicly release exfiltrated data if a ransom is not
paid,” the advisory said. Medusa operates a data-leak site that
shows victims alongside countdowns to the release of
information.
“Ransom demands are posted on the site, with direct hyperlinks
to Medusa affiliated cryptocurrency wallets,” the advisory said.
“At this stage, Medusa concurrently advertises sale of the data
to interested parties before the countdown timer ends. Victims
can additionally pay $10,000 USD in cryptocurrency to add a day
to the countdown timer.”
Since February, Medusa developers and affiliates have hit more
than 300 victims across industries, including the medical,
education, legal, insurance, technology and manufacturing
sectors, CISA said.
All contents © copyright 2025 Associated Press. All rights reserved
