CISA Warning! Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations in the U.S.

101/68 Friday, March 14, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a warning regarding the Medusa ransomware, which has impacted more than 300 organizations across critical sectors such as healthcare, education, law, insurance, technology, and manufacturing since early 2025. The advisory urges organizations to implement preventive measures, including system updates, network segmentation, and blocking access from untrusted sources, to mitigate the risk of attacks.

Medusa, a ransomware group that emerged in 2021, has been increasingly active since 2023, adopting new strategies such as using the Medusa Blog to pressure victims into paying ransoms by publishing stolen data if they refuse. With over 400 victims worldwide, Medusa is notorious for its attacks on Minneapolis Public Schools (MPS) and Toyota Financial Services, which declined to pay an $8 million ransom. Additionally, Medusa operates as a Ransomware-as-a-Service (RaaS), allowing affiliates to distribute the malware in exchange for a share of ransoms, potentially earning up to $1 million.

CISA and the FBI warn that Medusa ransomware is often mistaken for other threats, such as MedusaLocker or Mirai-based botnets, which causes confusion in threat reports. The actual damage it inflicts, however, is severe. In February, CISA also issued a warning about Ghost ransomware, which has affected multiple industries across more than 70 countries, including critical infrastructure. Addressing these threats requires vigilance and stringent cybersecurity measures across all sectors.

Source: https://www.bleepingcomputer.com/news/security/cisa-medusa-ransomware-hit-over-300-critical-infrastructure-orgs/