#StopRansomware: Medusa Ransomware


Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.

The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile malware variant per the FBI’s investigation. FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • Incoming: Airborne Cyber Attacks No Longer the Stuff of Sci-Fi

    April 19, 2018

    From RSA: The prospect of virus-like cyberattacks spreading over the air may sound like science fiction but it’s shaping up to be the next major field of battle with hackers One if by land. Two if by sea. How about Three by airborne internet attack? CISOs will soon need to protect their organizations from virus-like cyber attacks ...

  • Automated Bots Growing Tool For Hackers

    April 17, 2018

    The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeypot showed an automated bot come in and lay the groundwork – by exploiting vulnerabilities and ...

  • Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer

    April 15, 2018

    Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each and every device on their network, giving cybercriminals ...

  • Hackers Found Using A New Code Injection Technique to Evade Detection

    April 13, 2018

    While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a “simple yet powerful” technique that allows attackers to inject malicious code into a legitimate ...

  • AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon

    March 20, 2018

    MD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’ According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security ...

  • Phishing still number one method for cyber-attacks

    March 16, 2018

    Microsoft has just released its annual cybersecurity report and it says that phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches. To create the report, Microsoft scanned more than 400 billion emails, 450 billion authentications and 1.2 billion devices. More than half (53 per cent) of all email threats are phishing ...