Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.
The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile malware variant per the FBI’s investigation. FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Yarbo responds to robot flaws that could mow down their owners
May 11, 2026
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of “legacy” design choices: ...
- Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
May 11, 2026
Threat actors using AI is an unsurprising and even long-predicted developmentopen on a new tab. In a case in point, TrendAI™ Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely ...
- Water company’s leaky security earns near-£1M fine
May 11, 2026
The UK’s data protection watchdog has fined South Staffordshire Water’s parent company nearly £1 million over security failings exposed by the Cl0p ransomware attack in 2022. Issuing the fine of £963,900 ($1.3 million), the Information Commissioner’s Office (ICO) said the attack exposed “significant failures in the company’s approach to data security.” The attack, claimed by Cl0p, was detected ...
- Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
May 11, 2026
Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature ...
- Experts warn nearly half of the world’s passwords can easily be cracked in just a few minutes
May 8, 2026
Using real-world samples recovered from the dark web, Kaspersky researchers have tested how long it would take to crack most passwords, and found that almost half of the world’s passwords can be cracked in less than a minute. Additionally, the research shows that within an hour, that number rises to three out of five passwords. Armed with this knowledge, ...
- Disgraced US gov software contractor found guilty of database destruction
May 8, 2026
A Virginia man, Sohaib Akhter, faces decades in prison after a jury convicted him of being involved in a scheme to delete approximately 96 databases containing US government data. The events of the case transpired around two weeks before the twin brothers allegedly involved were fired from their jobs at a software supplier to the US ...