Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.
The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile malware variant per the FBI’s investigation. FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Poland investigates Iran links behind cyberattack on nuclear facility
March 12, 2026
Poland is looking into whether an attempted cyberattack on a nuclear research facility was carried out by Iran, the government said on Thursday. The country’s digital minister Krzysztof Gawkowski said in an emailed statement that Poland had “identified an attempted cyberattack on the servers of the National Centre for Nuclear Research,” which authorities had thwarted. He ...
- Telus probes cybersecurity incident that ‘ShinyHunters’ group claims responsibility for
March 12, 2026
Canadian telecommunications and business services firm Telus is investigating a cybersecurity incident involving unauthorized access to some of its systems, a company spokesperson said on Thursday. The ShinyHunters hacking group told Reuters in a message it stole at least 700 terabytes of data from Telus. All business operations within the company “remain fully operational, and there ...
- CISA warns max-severity n8n bug is being exploited in the wild
March 12, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n. CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score. The bug was first disclosed in December, and ...
- Iran-linked hackers launch cyberattack against U.S. medtech company Stryker
March 11, 2026
U.S. medical technology company Stryker is currently experiencing a massive cyberattack, which has shut down their computer systems and, as a result, even closed the company’s offices. An Iran-linked digital activist collective known as Handala is claiming credit for the cyberattack against Stryker. This would be the first major cyberattack carried out in the wake of the ...
- Russian hackers target HR departments with vicious new ‘BlackSanta’ malware
March 11, 2026
Russian hackers have been targeting Human Resources (HR) departments at various organizations around the world with a never-before seen piece of malware called BlackSanta. The campaign was spotted by cybersecurity researchers Aryaka, who said the attacks have been going on for at least a year, and include a rather sophisticated infection chain. It most likely starts ...
- BeatBanker: A dual‑mode Android Trojan
March 10, 2026
Recently, Kaspersky researchers uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banking Trojan capable of completely hijacking the device and spoofing screens, among other ...