The Federal Bureau of Investigation and the U.S. Cybersecurity and Infrastructure Security Agency are alerting users of popular email platforms like Gmail and Outlook to stay vigilant against a dangerous ransomware scheme that could be extremely costly. In a bulletin issued this week, the agencies warned about the Medusa ransomware group, which has been active since 2021. “Although Medusa has transitioned to an affiliate model, critical operations such as ransom negotiations remain under the developers’ control,” the advisory stated. “Both Medusa developers and affiliates, referred to as ‘Medusa actors’ in this bulletin, utilize a double extortion tactic. They encrypt victims’ data and threaten to release stolen data publicly if the ransom isn’t paid.”
As of February 2025, this group has victimized over 300 entities across various sectors including healthcare, education, legal, insurance, tech, and manufacturing. Their methods involve phishing scams—deceptive emails designed to trick recipients into clicking harmful links or revealing personal details—along with exploiting unpatched software weaknesses. By doing so, they effectively hold computers or information ‘hostage’ until they receive the demanded ransom payment.
To protect against such threats, the FBI and CISA advise all account holders to use complex, unique passwords. It’s crucial to enable multi-factor authentication for webmail, VPNs, and any accounts that have access to essential systems. Keeping all operating systems, software, and firmware updated is also strongly recommended.