Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.
The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile malware variant per the FBI’s investigation. FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Website for US deportation airline GlobalX defaced by hackers
May 5, 2025
Hackers defaced one of the websites of the airline at the center of President Donald Trump’s campaign of deportations to an offshore detention center in El Salvador, a Reuters viewing of the site showed on Monday. A message posted to a subdomain of GlobalX said the site had been hijacked by hackers operating under the banner ...
- Hundreds of top ecommerce sites under attack following Magento supply chain flaw
May 5, 2025
Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately finding 21 backdoored Magento extensions, belonging to three companies: Tigren, Meetanshi, and MSG. The company says ...
- TeleMessage, a modified Signal clone used by US government officials, has been hacked
May 5, 2025
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported. TeleMessage came into the spotlight last week after it was reported that former ...
- Kidnappers in France target cryptocurrency entrepreneurs for ransom
May 4, 2025
French police rescued the father of a wealthy cryptocurrency entrepreneur in a nighttime raid after he was taken hostage for ransom, the latest alleged criminal effort in France to extort people involved in the management of digital assets. The man was kidnapped Thursday morning in Paris, the prosecutor’s office said Sunday. “The victim turned out to ...
- Scattered Spider hacking group allegedly behind cyber-attacks on Marks & Spencer
May 2, 2025
The culprit behind the M&S cyber attack is still a matter of investigation but speculation has pointed to a group called Scattered Spider. Also called UNC3944, Octo Tempest or Muddled Libra, Scattered Spider is a hacking group comprised of hackers – some thought to be as young as 16. Members are said to frequent hacker forums, ...
- Actively Exploited SAP NetWeaver Visual Composer Vulnerability Enables Remote Code Execution (CVE-2025-31324)
May 2, 2025
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform that functions as both an integration hub and application layer, enabling businesses to unify data, processes, ...