Cybersecurity is more important than ever, with email providers like Gmail and Outlook becoming prime targets for cybercriminals.
On March 12, the FBI, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint advisory warning about the growing threat from the Medusa ransomware gang. This advisory is part of CISA’s ongoing #StopRansomware initiative, which identifies various ransomware variants, threat actors, and their tactics, techniques, and procedures.
Find out more below about the advisory, the threat, and the best ways users can stay vigilant and take the necessary precautions to protect their personal and professional data.
What Did the FBI Advisory Warn About Gmail and Outlook?
According to the advisory, the Medusa ransomware gang operates as a ransomware-as-a-service (RaaS) variant, primarily targeting individuals through phishing campaigns: fraudulent emails designed to steal personal data or prompt users to click on malicious links.
What Is Medusa?
The Medusa ransomware gang was first identified in June 2021. It is unrelated to the MedusaLocker variant or the Medusa mobile malware variant, as confirmed by the FBI’s investigation.
As of February, Medusa has impacted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing.
How Does Medusa Ransomware Operate?
In addition to phishing campaigns, the Medusa ransomware group exploits unpatched software vulnerabilities. Once a system is infected, the group holds the victim’s data or computer “hostage” until a ransom is paid. Both Medusa developers and affiliates (referred to as “Medusa actors” in the advisory) employ a double extortion model. This means they not only encrypt the victim’s data but also threaten to publicly release exfiltrated data if the ransom is not paid.
The ransom note demands that victims contact the attackers within 48 hours via a browser-based live chat or an end-to-end encrypted instant messaging platform. If victims fail to respond, Medusa actors may reach out directly by phone or email.
Medusa also operates a data leak site, where victims’ data is displayed alongside countdown timers leading to the release of that data. According to the advisory, ransom demands are posted on the site with direct hyperlinks to Medusa-affiliated cryptocurrency wallets. The group also advertises the sale of stolen data to interested parties before the countdown expires. Victims can pay $10,000 USD in cryptocurrency to extend the countdown by one additional day.
How to Protect Yourself Against the Cybersecurity Threat
The FBI and CISA recommend several key practices to help safeguard against cyber threats. First, all accounts should use long, unique passwords, and multifactor authentication should be enabled for webmail, VPNs, and accounts that access critical systems. It is also important to keep all operating systems, software, and firmware up to date.
In addition, organizations should implement a recovery plan that maintains multiple copies of sensitive or proprietary data in physically separate, segmented, and secure locations, such as hard drives, storage devices, or the cloud. Network segmentation is another key measure to prevent the spread of ransomware. To detect and investigate abnormal activity, including potential ransomware movement, it is important to use network monitoring tools and implement solutions that log and report all network traffic, including lateral movement.

