- FBI, CISA and MS-ISAC publish a new report on Medusa ransomware
- They claim that the group has struck hundreds of critical infrastructure companies
- Agencies share advice on how to stay safe
Hundreds of critical infrastructure targets have fallen victim to Medusa ransomware in the past four years, a new US government report has warned, urging organizations to apply known mitigations and minimize the risk of attack.
The Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have published a joint report indicating that more than 300 organizations in the critical infrastructure sector have already fallen prey to the infamous group.
“In February 2025, the promoters and affiliates of Medusa had an impact on 300 victims of various sectors of critical infrastructure with affected industries, in particular medicine, education, legal, insurance, technology and manufacturing,” said the report. “The FBI, CISA and MS-ISAC encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the probability and impact of Medusa ransomware incidents.”
Mitigating risks
The recommendations include mitigating known vulnerabilities by ensuring that operating systems, software and firmware are patched in a timely manner, segmenting networks to hinder lateral movement attempts, and filtering network traffic by blocking access from untrusted origins.
Medusa first emerged in 2021, but as it was initially intended to be a closed ransomware variant, its success was somewhat limited. A few years later, the operation became ransomware-as-a-service (RaaS) with an affiliate model, which propelled it into one of the most dangerous variants on the market.
“Medusa developers generally recruit initial access brokers (IABs) in forums and cybercriminal markets to obtain initial access to potential victims,” said the report. “Potential payments between 100 USD and 1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa.”
Some of the most notable victims include the Minneapolis public school district, which suffered a significant breach that led to the exposure of sensitive information such as psychological reports and allegations of abuse. Other affected sectors include healthcare, manufacturing, technology, legal, insurance and education.
Via BleepingComputer




