{"id":433,"date":"2025-03-17T21:01:10","date_gmt":"2025-03-17T21:01:10","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4297915"},"modified":"2025-03-17T21:01:10","modified_gmt":"2025-03-17T21:01:10","slug":"medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/","title":{"rendered":"Medusa Ransomware Strikes 300+ Targets: FBI &amp; CISA Urge Immediate Action to #StopRansomware"},"content":{"rendered":"<figure id=\"attachment_4297916\" aria-describedby=\"caption-attachment-4297916\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4297916\" src=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa.jpg\" alt=\"Team of programmers in server hub trying to protect hardware from hacker.\" width=\"1400\" height=\"900\" srcset=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa.jpg 1400w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-300x193.jpg 300w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-1024x658.jpg 1024w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-768x494.jpg 768w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-50x32.jpg 50w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-770x495.jpg 770w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-370x238.jpg 370w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-270x174.jpg 270w, 
https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-740x476.jpg 740w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-540x347.jpg 540w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-1110x714.jpg 1110w, https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/tr_20250317-news-medusa-ransomware-fbi-cisa-810x521.jpg 810w\" sizes=\"auto, (max-width: 1400px) 100vw, 1400px\"><figcaption id=\"caption-attachment-4297916\" class=\"wp-caption-text\">Image: DC_Studio\/Envato Elements<\/figcaption><\/figure>\n<p>Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. First detected in June 2021, the group has gained traction recently by using basic but effective methods \u2014 like phishing emails and exploiting outdated software \u2014 to break into systems and hold data hostage.<\/p>\n<p>In a <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/12\/cisa-and-partners-release-cybersecurity-advisory-medusa-ransomware\" target=\"_blank\" rel=\"noopener\">joint advisory<\/a> released last week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urged businesses and institutions to take immediate steps to protect their systems. The warning is part of the government\u2019s ongoing #StopRansomware initiative.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"A_growing_ransomware-as-a-service_business\"><\/span>A growing ransomware-as-a-service business<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Originally a closed operation, Medusa has now adopted a <a href=\"https:\/\/www.techrepublic.com\/article\/protect-organization-ransomware-attacks\/\">ransomware-as-a-service<\/a> (RaaS) model. 
This means the developers provide the ransomware software to partners, known as \u201cMedusa actors,\u201d who carry out the attacks. These affiliates are often recruited from online criminal forums and are sometimes paid bonuses to work exclusively for Medusa.<\/p>\n<p>\u201cPotential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,\u201d the advisory said.<\/p>\n<p>Medusa actors often gain access to systems through <a href=\"https:\/\/www.techrepublic.com\/resource-library\/guide\/how-to-spot-phishing-email-attempt\/\">phishing emails<\/a> or by exploiting known vulnerabilities, such as CVE-2024-1709, which affects the ScreenConnect remote access tool, and CVE-2023-48788, a flaw in Fortinet products. Once inside, they encrypt files and demand ransoms. The group\u2019s ransom notes give victims 48 hours to respond via a live chat or encrypted messaging platform.<\/p>\n<p>If a victim does not respond, Medusa actors may escalate their extortion efforts, a tactic observed in other ransomware groups.<\/p>\n<p>What makes Medusa particularly menacing is its public-facing data-leak site, which displays victims alongside countdown timers. Once the timer runs out, stolen data is either released or sold to the highest bidder. 
In some cases, victims are given the option to buy extra time \u2014 a single day\u2019s delay may cost as much as $10,000 in cryptocurrency.<\/p>\n<p>\u201cAs of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing,\u201d the advisory notes.<\/p>\n<p>Medusa\u2019s reach is global; past victims include Minneapolis Public Schools, where an attack in 2023 exposed sensitive information from over 100,000 students.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_protect_your_organization_from_Medusa_ransomware\"><\/span>How to protect your organization from Medusa ransomware<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The advisory urges organizations to take several key steps to protect themselves from Medusa. These include:<\/p>\n<ul>\n<li>Ensuring that all operating systems, software, and firmware are regularly updated and patched.<\/li>\n<li>Implementing multi-factor authentication across all services.<\/li>\n<li>Using strong, unique passwords.<\/li>\n<\/ul>\n<p>Additionally, CISA advises businesses to segment their networks to limit the spread of infections and filter network traffic to block unauthorized access attempts.<\/p>\n<p>CISA is urging IT teams to review their #StopRansomware: <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa25-071a\" target=\"_blank\" rel=\"noopener\">Medusa Ransomware advisory<\/a> for detailed detection methods and threat indicators.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: DC_Studio\/Envato Elements Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. 
First detected in June 2021, the group has gained traction recently by using basic but effective methods \u2014 like phishing emails and exploiting outdated software \u2014 to break into systems and hold data hostage. In [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":434,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Medusa Ransomware Strikes 300+ Targets: FBI &amp; CISA Urge Immediate Action to #StopRansomware - TecnoArtesanos Tech Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Medusa Ransomware Strikes 300+ Targets: FBI &amp; CISA Urge Immediate Action to #StopRansomware - TecnoArtesanos Tech Blog\" \/>\n<meta property=\"og:description\" content=\"Image: DC_Studio\/Envato Elements Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. First detected in June 2021, the group has gained traction recently by using basic but effective methods \u2014 like phishing emails and exploiting outdated software \u2014 to break into systems and hold data hostage. 
In [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"TecnoArtesanos Tech Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-17T21:01:10+00:00\" \/>\n<meta name=\"author\" content=\"Sergio Morales\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sergio Morales\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/\",\"name\":\"Medusa Ransomware Strikes 300+ Targets: FBI &amp; CISA Urge Immediate Action to #StopRansomware - TecnoArtesanos Tech 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware.jpg\",\"datePublished\":\"2025-03-17T21:01:10+00:00\",\"author\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware\/#primaryimage\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware.jpg\",\"contentUrl\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-action-to-stopransomware.jpg\",\"width\":1400,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/17\/medusa-ransomware-strikes-300-targets-fbi-cisa-urge-immediate-actio
n-to-stopransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.tecnoartesanos.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Medusa Ransomware Strikes 300+ Targets: FBI &amp; CISA Urge Immediate Action to #StopRansomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#website\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/\",\"name\":\"TecnoArtesanos Tech Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.tecnoartesanos.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807\",\"name\":\"Sergio Morales\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g\",\"caption\":\"Sergio Morales\"},\"sameAs\":[\"https:\/\/sergiomorales.space\"],\"url\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/author\/sergiomorales\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts\/433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/comments?post=433"}],"version-history":[{"count":0,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts\/433\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/media\/434"}],"wp:attachment":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/media?parent=433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/categories?post=433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/tags?post=433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}