
Officials Sound Alarm on Menacing Medusa Ransomware: Protect Yourself With These Tips

JACKSONVILLE, Fla. – Federal cybersecurity authorities, along with the FBI, have alerted the public about a significant ransomware threat that has impacted numerous individuals.

Last week, the FBI, along with the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released a joint cybersecurity advisory detailing Medusa ransomware. The advisory is part of CISA's ongoing #StopRansomware initiative, which flags ransomware variants and threat actors, as well as their observed tactics, techniques, and procedures.

Medusa is a ransomware-as-a-service provider first identified in June 2021, according to the advisory. As of February, Medusa has impacted over 300 victims from multiple critical infrastructure sectors and industries, including medical, education, legal, insurance, technology, and manufacturing.

Originally, Medusa operated as a closed ransomware variant where all development and associated operations were controlled by the same group of cyber threat actors. It has since shifted toward an affiliate model, where developers and affiliates — called "Medusa actors" — use a double extortion model "where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid," according to the advisory.

According to the advisory, the ransom note requires victims to establish communication within 48 hours using either a web-based live chat service or an end-to-end encrypted instant messaging app. If the victims fail to reply to this message, members of the Medusa group may reach out to them personally through telephone calls or emails.

According to the advisory, Medusa runs a data leak website where victims are displayed along with countdown timers indicating when more information will be released.

The advisory noted that ransom demands were listed on the website along with direct links to cryptocurrency wallets associated with Medusa. At this point, Medusa simultaneously offers to sell the stolen data to potential buyers before the countdown expires. Affected individuals have the option to pay an additional $10,000 in digital currency to extend the deadline by one day.

How to protect your organization from Medusa ransomware

The FBI, CISA, and MS-ISAC have recommended several steps that organizations should implement promptly to safeguard against Medusa ransomware attacks:

  • Require VPNs or jump hosts for remote access.
  • Monitor for unauthorized scanning and access attempts.
  • Require employees to use strong, long passwords, and consider dropping regular mandatory password changes, as these can undermine security.
  • Require multi-factor authentication for all services to the extent possible, especially for Gmail and email, virtual private networks, and accounts that access critical systems.
  • Keep all operating systems, software, and firmware up to date.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud).
  • Segment networks to stop the spread of ransomware.
  • Identify, detect, and investigate abnormal activity and potential movement of the ransomware across the network using a network monitoring tool. To aid in detecting the ransomware, deploy a tool that logs and alerts on all network traffic, including lateral movement activity on the network.

Recently, there have been cyber assaults targeting essential infrastructure.

In recent years, the federal government has doubled down on efforts to thwart global cybercrime, which has become increasingly widespread. Federal agencies have issued multiple advisories that warned against the threat of cyberattacks.

Cybercrime is a "significant and growing threat" to national and economic security, according to the Department of State. As people become more dependent on information and communication technologies, the department said more criminals continue to shift to online schemes.

The Department of State reports that cybercrimes can span from stealing intellectual property to deploying ransomware, which could result in multibillion-dollar financial hits for companies and pose risks to crucial industries nationwide.

The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. According to the study, which references FBI statistics, cybercrimes surged fourfold throughout the pandemic period.

A number of significant cyberattacks have been making news recently. In March, accusations were leveled against 12 individuals from China for their alleged involvement in hacking activities to take data from the Treasury Department and other organizations worldwide.

In January, USA TODAY reported that a UnitedHealth data hack impacted 1 in 2 Americans. Hackers exposed or stole medical records from about 190 million people in February 2024.

Last October, federal prosecutors announced that two Sudanese citizens faced charges for leading a stealthy computer hacker collective that sought to "declare cyberwar on the United States" by targeting the FBI, hospitals, Hulu, Netflix, CNN, Microsoft, Reddit, and X, among others.

Contributors: Bart Jansen, Krystal Nurse, and Minnah Arshad, USA TODAY

The article initially appeared in the Florida Times-Union: "Authorities caution about perilous Medusa ransomware assaults. Follow these steps to remain safeguarded."
