
Cybersecurity is more important than ever, with email services like Gmail and Outlook becoming prime targets for cybercriminals.
On March 12, the FBI, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint advisory warning about the growing threat from the Medusa ransomware gang. This advisory is part of CISA's ongoing #StopRansomware initiative, which identifies various ransomware variants, threat actors, and their tactics, techniques, and procedures.
Find out more about the advisory, the threat, and the best ways users can stay vigilant and take necessary precautions to protect their personal and professional information below.
What Did the FBI Advisory Warn About Gmail and Outlook?
According to the advisory, the Medusa ransomware gang operates as a ransomware-as-a-service (RaaS) variant, primarily targeting people through phishing campaigns: fraudulent emails designed to steal personal data or prompt users to click on malicious links.
What Is Medusa?
The Medusa ransomware gang was first identified in June 2021. It is unrelated to the MedusaLocker variant or the Medusa mobile malware variant, as confirmed by the FBI's investigation.
As of February, Medusa has impacted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing.
How Does Medusa Ransomware Function?
In addition to phishing campaigns, the Medusa ransomware group exploits unpatched software vulnerabilities. Once a system is infected, the group holds the victim's data or computer "hostage" until a ransom is paid. Both Medusa developers and affiliates (referred to as "Medusa actors" in the advisory) employ a double extortion model. This means they not only encrypt the victim's data but also threaten to publicly release exfiltrated data if the ransom isn't paid.
The ransom note demands that victims contact the attackers within 48 hours via a browser-based live chat or an end-to-end encrypted instant messaging platform. If victims fail to respond, Medusa actors may reach out directly by phone or email.
Medusa also operates a data leak site, where victims' information is displayed alongside countdown timers leading to the release of that data. According to the advisory, ransom demands are posted on the site with direct links to Medusa-affiliated cryptocurrency wallets. The group also advertises the sale of stolen data to other parties before the countdown expires. Victims can pay $10,000 USD in cryptocurrency to extend the countdown by one additional day.
How to Protect Yourself Against the Cybersecurity Threat
The FBI and CISA recommend several key practices to help safeguard against cyber threats. First, all accounts should use long, unique passwords, and multifactor authentication should be enabled for webmail, VPNs, and accounts that access critical systems. It is also important to keep all operating systems, software, and firmware up to date.
In addition, organizations should implement a recovery plan that maintains multiple copies of sensitive or proprietary data in physically separate, segmented, and secure locations, such as hard drives, storage devices, or the cloud. Network segmentation is another key measure to prevent the spread of ransomware. To detect and investigate abnormal activity, including potential ransomware movement, it's important to use network monitoring tools and implement solutions that log and report all network traffic, including lateral movement.