Take These Steps Now to Protect Your Data From Medusa Ransomware
More than 300 organizations operating in critical infrastructure, including the medical, technology and manufacturing sectors, have fallen victim to a ransomware threat known as Medusa. With attacks rising sharply in the first few months of 2025, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are advising companies to take steps now to protect their systems.
What is Medusa ransomware?
Medusa is ransomware that, when successfully deployed, encrypts your data and also poses the threat of exposing your stolen information if you don’t comply with ransom demands.
According to the CISA advisory, victims receive ransom notes asking them to respond within 48 hours, or Medusa actors will contact them by phone or email. Victims are also listed on Medusa's data-leak site along with a countdown timer and ransom demands with direct links to cryptocurrency wallets. Victims can pay $10,000 to add a day to the countdown, while Medusa puts the stolen data up for sale before the timer runs out. This "double extortion" approach demands payment both to decrypt locked files and to prevent the stolen copies from being released or sold, so even if you have a backup you can restore from, you still face the threat of the information being leaked.
The Medusa ransomware was first discovered in June 2021 and has since affected organizations in the healthcare, education, legal, insurance, technology and manufacturing industries. According to the advisory, Medusa attackers use common techniques such as phishing campaigns and exploiting unpatched software vulnerabilities to steal victims' credentials and gain access to their systems.
While most Medusa threat mitigation occurs at the organizational level, there are a few things you, as an individual, can do to protect your accounts and, by extension, the company you work for.
How to protect yourself from Medusa ransomware
The FBI and CISA recommend a number of steps to protect your devices and data from the Medusa threat:
- Use long, strong passwords for all accounts (at least 15 characters recommended).
- Enable multi-factor authentication (MFA) wherever possible, but especially for webmail, VPNs, and accounts with access to critical systems.
- Regularly update operating systems, software, and firmware to ensure that known vulnerabilities are patched in a timely manner.
- Use a VPN when accessing systems remotely.
The guidelines also include recommendations for organizations such as auditing user accounts, maintaining offline backups, using network monitoring tools, and stopping frequent mandatory password changes (forced periodic rotation is now considered outdated advice, because it pushes people toward shorter, more predictable passwords and makes systems less secure, not more).
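To show what the organizational side of that advice looks like in practice, here is a small account audit that checks an account export against three of the points above: MFA on webmail, VPN and privileged accounts, stale accounts that nobody has used recently, and a minimum password length of 15 characters. This is an added example written for this article; it is not code from the FBI, CISA or the original page. The CSV column names, the 90-day staleness threshold, the set of "critical" services and the sample rows are all assumptions constructed for illustration.

```python
"""Audit a user-account export for the hygiene points in the FBI/CISA Medusa advice.

Added example, not from the article or the advisory. The CSV layout, the
90-day staleness window and the CRITICAL_SERVICES set are assumptions.
"""
import csv
import io
from datetime import date, datetime

STALE_DAYS = 90            # assumption: unused for this long = stale
MIN_PASSWORD_LENGTH = 15   # the FBI/CISA recommendation quoted in the article
CRITICAL_SERVICES = {"vpn", "webmail", "erp"}  # assumption: where MFA matters most

# Constructed sample export (not real data). One row per account; the
# services column is a semicolon-separated list.
SAMPLE_EXPORT = """\
user,role,services,mfa_enabled,last_login,min_password_length
alice,admin,vpn;webmail,true,2025-03-01,16
bob,user,webmail,false,2025-02-20,12
carol,user,vpn,false,2024-10-01,15
dave,service,backup,true,2025-03-02,20
erin,admin,vpn;webmail;erp,false,2024-11-15,8
"""

SEVERITY_RANK = {"high": 0, "medium": 1}


def parse_export(text):
    """Turn the CSV export into a list of dicts with typed fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "user": row["user"].strip(),
            "role": row["role"].strip().lower(),
            "services": {s.strip() for s in row["services"].split(";") if s.strip()},
            "mfa_enabled": row["mfa_enabled"].strip().lower() == "true",
            "last_login": datetime.strptime(row["last_login"].strip(), "%Y-%m-%d").date(),
            "min_password_length": int(row["min_password_length"]),
        })
    return rows


def audit(rows, today):
    """Return findings as (severity, user, message), highest severity first."""
    findings = []
    for r in rows:
        is_admin = r["role"] == "admin"
        exposed = sorted(r["services"] & CRITICAL_SERVICES)

        # MFA: missing on a privileged or externally reachable account is high.
        if not r["mfa_enabled"]:
            if is_admin or exposed:
                what = ", ".join(exposed) if exposed else "privileged account"
                findings.append(("high", r["user"], "no MFA on " + what))
            else:
                findings.append(("medium", r["user"], "no MFA"))

        # Stale accounts are a favourite foothold; an unused admin is worse.
        idle = (today - r["last_login"]).days
        if idle > STALE_DAYS:
            sev = "high" if is_admin else "medium"
            findings.append((sev, r["user"], "inactive for %d days" % idle))

        # Password policy below the recommended minimum length.
        if r["min_password_length"] < MIN_PASSWORD_LENGTH:
            findings.append(("medium", r["user"],
                             "password minimum %d < %d" %
                             (r["min_password_length"], MIN_PASSWORD_LENGTH)))

    findings.sort(key=lambda f: (SEVERITY_RANK[f[0]], f[1], f[2]))
    return findings


def run_sample_audit(today=date(2025, 3, 15)):
    """Audit the constructed export as of an assumed date."""
    return audit(parse_export(SAMPLE_EXPORT), today)


if __name__ == "__main__":
    for sev, user, msg in run_sample_audit():
        print("%-6s %-6s %s" % (sev.upper(), user, msg))
```

Run it as-is and the output lists every account with a problem, high-severity items first; in a real deployment you would feed it the export from your identity provider and treat the high items (no MFA on VPN or webmail, idle admin accounts) as the first things to fix, since those are exactly the credentials a phishing campaign or an initial-access broker hands to a ransomware crew.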