The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a new warning for Gmail and Microsoft Outlook users on an increasing ransomware campaign led by the Medusa ransomware gang.
This cybercriminal group, active since 2021, has already compromised over 300 victims across critical industries like healthcare, education, law, and manufacturing.
Medusa is a ransomware-as-a-service (RaaS) provider that infiltrates networks using phishing emails and unmatched software vulnerabilities. Once access is secured, the attackers use double extortion, encrypting the victims' data and threatening to expose it unless a ransom is paid.
The FBI's advisory warns that despite Medusa's shift to an affiliate-based model, ransom negotiations remain under the direct control of the gang's developers.
The ransomware group usually gains access via false emails that prompt users to click on malicious links or enter login credentials, giving attackers control over sensitive data. In addition, they target vulnerabilities in outdated software to breach systems. Given the increased threat, federal agencies strongly advise webmail users to take immediate steps to protect their accounts.
To reduce the risk of falling victim to Medusa's ransomware, the FBI and CISA recommend applying the following security measures:
- Enable Multi-Factor Authentication (MFA): MFA adds an additional layer of security, preventing unwanted access even if login credentials are compromised.
- Use Strong, Unique Passwords: Avoid easily guessed or repeated passwords for many accounts.
- Update Software on a Regular Basis: Keep all operating systems, apps, and firmware up to date to close potential security gaps.
- Be Cautious of Phishing Attempts: Do not click on unsolicited links or download attachments from unknown sources.
- Backup Critical Data: To facilitate recovery in the event of an attack, keep essential files offline in safe locations.
The FBI advises against paying ransom demands because doing so doesn't ensure data recovery and may promote further attacks. Instead, victims are encouraged to report occurrences to the FBI or CISA immediately. As cyber threats grow, individuals and companies should remain proactive in their cybersecurity practices.