Officials warn against dangerous Medusa ransomware attacks. Here's how to stay protected.
Officials warn against dangerous Medusa ransomware attacks. Here's how to stay protected.
Show Caption
Hide Caption
What to do if your personal information is compromised
If your personal information is ever compromised due to a data breach, here's what to do.
Damien Henderson, USA TODAY
JACKSONVILLE, Fla. – Federal cybersecurity agencies and the FBI have warned the public against a dangerous ransomware scheme that has affected hundreds of people.
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory last week to share information about Medusa ransomware. The advisory is part of CISA's ongoing #StopRansomware initiative, which flags ransomware variants and threat actors, as well as their observed tactics, techniques, and procedures.
Medusa is a ransomware-as-a-service provider first identified in June 2021, according to the advisory. As of February, Medusa has impacted over 300 victims from multiple critical infrastructure sectors and industries, including medical, education, legal, insurance, technology, and manufacturing.
Originally, Medusa operated as a closed ransomware variant where all development and associated operations were controlled by the same group of cyber threat actors. It has since shifted toward an affiliate model, where developers and affiliates — called "Medusa actors" — use a double extortion model "where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid," according to the advisory.
The ransom note demands victims make contact within 48 hours through a browser-based live chat or an end-to-end encrypted instant messaging platform, according to the advisory. Victims can also be contacted directly by Medusa actors via phone or email if they do not respond to the ransom note.
Medusa also operates a data leak site, which shows victims alongside countdowns to the release of information, according to the advisory.
"Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets," the advisory stated. "At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer."
How worried should we be? Cyberattacks on critical US infrastructure keep happening.
How to protect your organization from Medusa ransomware
The FBI, CISA, and MS-ISAC recommended some actions organizations should take immediately to protect against Medusa ransomware threats:
Require VPNs or Jump Hosts for remote access.
Monitor for unauthorized scanning and access attempts.
Require employees to use long passwords and consider not requiring frequently recurring password changes, which can weaken security.
Require multi-factor authentication for all services to the extent possible, especially for Gmail and email, virtual private networks, and accounts that access critical systems.
Keep all operating systems, software, and firmware up to date.
Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud).
Segment networks to prevent the spread of ransomware.
Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network.
What to know: 2.9 billion records, including Social Security numbers, stolen in data hack
Recent cyberattacks on critical infrastructure
In recent years, the federal government has doubled down on efforts to thwart global cybercrime, which has become increasingly widespread. Federal agencies have issued multiple advisories that warned against the threat of cyberattacks.
Cybercrime is a "significant and growing threat" to national and economic security, according to the Department of State. As people become more dependent on information and communication technologies, the department said more criminals continue to shift to online schemes.
Cyber crimes can range from intellectual property theft to ransomware, potentially costing businesses billions of dollars in losses and threatening critical sectors across the country, according to the Department of State.
The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic.
Several high-profile cyberattacks have made headlines in recent months. In March, 12 Chinese citizens were accused of cyber-hacking to steal data from the Treasury Department and other organizations worldwide.
In January, USA TODAY reported that a UnitedHealth data hack impacted 1 in 2 Americans. Hackers exposed or stole medical records from about 190 million people in February 2024.
Last October, federal prosecutors announced that two Sudanese citizens faced charges for running a guerilla computer hacking group that sought to "declare cyberwar on the United States" by targeting the FBI, hospitals, Hulu, Netflix, CNN, Microsoft, Reddit, and X, among others.
Contributing: Bart Jansen, Krystal Nurse, and Minnah Arshad, USA TODAY
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
41 minutes ago
Amid recent string of attacks inspired by Israel-Hamas war, some experts worry counterterrorism not a priority
Five alleged high-profile terrorist attacks have occurred across the United States in the first six months of 2025, including four that investigators suspect were motivated by the war in Gaza or radicalized by the ISIS terrorist group. But as law enforcement investigates the violent incidents -- from the New Orleans truck rampage to the Molotov cocktail attack in Boulder -- some counterterrorism experts say they're worried the federal government has taken its eye "off the ball" in preventing terrorism as its priorities shift -- from counterterrorism to mass deportation. "It's stunning to me that we're making the same mistakes we did in the lead-up to 9/11," said Elizabeth Neumann, a former Department of Homeland Security assistant secretary for counterterrorism during the first Trump administration. "Now that does not mean that we're going to have another 9/11, but it's very alarming to me that we are repeating mistakes." A DHS senior official said in a statement to ABC News, "Any suggestion that DHS is stepping away from addressing terrorism is simply false." "Under President Trump, the Department of Homeland Security will use every tool and resource available to secure our border, protect the homeland, and get criminal illegal aliens out of our country," the DHS official said. "The safety of American citizens comes first." The wave of extremist violence has come against a backdrop of a rising number of assaults, vandalism and harassment nationwide linked to the Israel-Hamas war. The war erupted on Oct. 7, 2023, when the Hamas terrorist group staged a widespread ambush in Israel, killing 1,200 people, including children, and taking 251 hostages, with about 20 still held in captivity. According to the Hamas-run Gaza Ministry of Health, the death toll in Gaza is nearly 54,000 since the war began. Federal and state law enforcement agencies and the Department of Homeland Security have repeatedly issued bulletins, warning the country is vulnerable to terrorism, especially at large events, as a result of the Gaza war. The New York City Police Department, responsible for protecting the largest Jewish population in the world outside of Israel, issued a bulletin last month, saying, "Jewish people and institutions continue to be the target of violent assaults, harassment, intimidation, hate crimes, and threats, especially since the onset of the Israel-Hamas war." On Thursday night, the FBI and Department of Homeland Security warned of an "elevated threat" facing the Jewish community in the wake of the back-to-back incidents in Washington, D.C., and Boulder. However, the DHS and FBI did not indicate there are any known threats in a joint intelligence bulletin sent to law enforcement on May 23. "Violent extremist messaging continues to highlight major sporting and cultural events and venues as potential targets, and threat actors -- including domestic violent extremists (DVEs), homegrown violent extremists (HVEs) inspired by Foreign Terrorist Organizations (FTOs), and other mass casualty attackers not motivated by an ideology -- previously have targeted public events with little to no warning," according to the bulletin. John Cohen, a former Department of Homeland Security undersecretary of intelligence, said he is concerned that at this time of heightened security, the White House has proposed cutting the FBI's fiscal-year 2026 budget by $545 million dollars, or about 5% of the bureau's budget. An internal memo from the FBI Chicago office, obtained in March by ABC Chicago station WLS-TV, confirmed that members of the office's Joint Terrorism Task Force (JTTF), and terrorism task forces nationwide, will be supporting Homeland Security task forces focused on making immigration arrests. "So at the very time that we are seeing more and more acts of violence and destructive demonstration activity by people who are being, in some cases, not only inspired but facilitated by foreign threat actors, the concern is that the resources being devoted to addressing that threat are being decreased," said Cohen, an ABC News contributor. Neumann said it's not just the FBI's counterterrorism departments getting slashed. She said an office she helped establish within the Department of Homeland Security to help communities across the nation prevent hate-fueled attacks is being drastically cut back. ProPublica reported this week that the office, the Center for Prevention Programs and Partnerships (CP3), is currently being spearheaded by a 22-year-old recent college graduate with no previous counterterrorism experience. "What this office does is it creates capability locally, within a state, to be able to educate bystanders on the signs and indicators of somebody that might be radicalizing ... and then it helps states create the capability for mental health practitioners and other professionals to be able to intervene with individuals," Neumann said. "It was needed because we just have so many people moving into that stage of, 'Well, they might commit an act of violence, but they haven't done anything criminal yet.'" Neumann, an ABC News contributor, said she has noticed a complacency set in after the U.S. declared victory over ISIS in 2019 and withdrew troops from Afghanistan in 2021. "We are moving our eye off the ball to focus on things that I don't know are what I would put in the top of my counterterrorism bucket," Neumann said. 'Immigration security IS national security' In a statement to ABC News, White House spokesperson Abigail Jackson said concerns that the administration has taken its eye off counterterrorism to focus on its deportation crackdown are unfounded. "Immigration security IS national security -- look no further than the terrorist, who was in the United States illegally, that firebombed elderly Jewish women," Jackson said, referring to 45-year-old Egyptian citizen Mohamed Soliman accused of throwing Molotov cocktails at a group of marchers advocating for the release of hostages being held in Gaza. "Enforcing our immigration laws and removing illegal aliens is one big way President Trump is Making America Safe Again." Soliman entered the U.S. in 2022 on a B2 visa that expired in February 2023, according to DHS. A senior official told ABC News he was then granted a work permit that expired in March 28, 2025. Answering critics questioning the administration's preparedness for protecting the homeland in the wake of the string of recent terror attacks, Jackson said, "But the President can walk and chew gum at the same time -- we're holding all criminals accountable, whether they're illegal aliens or American citizens. That's why nationwide murder rates have plummeted, fugitives from the FBI's most wanted list have been captured, and police officers are empowered to do their jobs, unlike under the Biden Administration's soft-on-crime regime." According to the Department Justice and annual FBI violent crime statistics, that nation's murder rate has fallen for the past three consecutive years. The White House also pointed to President Donald Trump's proclamation on Wednesday banning travel from 12 countries -- including Afghanistan, Iran and Libya -- and imposing travel restrictions on seven other countries as evidence the administration has not lost its focus on national security concerns. Egypt, where the suspect in the Boulder attack is from, was not included in the list of countries. Ben Williamson, the FBI's assistant director for public affairs, told ABC News in a statement that while the bureau does not comment on specific personnel decisions, "our agents and support staff are dedicated professionals working around the clock to defend the homeland and crush violent crime -- a mission which certainly overlaps with the consequences of the previous administration's open border policies for four years." Williamson added, "We are proud to work with our interagency partners to keep the American people safe." DHS: Terrorist attacks linked to Gaza war Cohen, the former DHS intelligence official, said neither the Trump administration nor the Biden administration have done enough to prevent terrorism, while foreign actors and terrorist groups like ISIS have upped their game on the internet to radicalize converts within the U.S. "We're continuing to see efforts to not just inspire but instruct those individuals who are angry, who are certain, who are looking for the justification to engage in violence, to express that anger," Cohen said. "So content is developing and introduced online that's intended to inspire them to commit violence, but also providing instructions on just how to do it. We've seen videos talking about vehicle ramming. We've seen videos talking about how to construct explosive devices. We've seen video online encouraging mass shootings at the same time." In August 2024, two Austrian teenagers were arrested and accused of plotting to attack Taylor Swift concerts in Vienna. Authorities said both suspects appeared to have been inspired by ISIS and al-Qaeda, and one of them had researched bomb-making techniques and uploaded to the internet an oath of allegiance to the current leader of the Islamic State. "Law enforcement analysts over the last several months have seen online content posted by al-Qaeda-related and Hamas and Iranian-linked groups advocating violence as a way for people to respond to their concerns about what's going on in Gaza," Cohen said. 'COVID is a huge reason why it's more complicated' Neumann said the pandemic opened the door for terrorist groups to manipulate people during a time of extreme vulnerability. "COVID is a huge reason why it's more complicated," said Neumann, adding that the usual modus operandi of terrorist groups is "offering a certainty in an uncertain world." "It's offering this black-and-white answer of why the bad thing happened to them," Neumann said. "When you look at why people mobilize to violence or radicalize, it is not the ideology. The ideology is kind of the bow that comes on top after all of these other factors have kind of gotten into play for an individual." She added, "We, largely as a field, understand those that commit acts of violence have underlying psychosocial factors that have led them to this place where they are willing to be convinced that violence is the right solution for their problems." Neumann pointed to a 2023 poll by University of California, Davis Violence Prevention Research Program that found 32.8% of respondents considered violence to be usually or always justified to advance some political objectives. "And then you add to it, COVID, Oct. 7, social media, it's just a perfect cauldron for a lot of people to be led astray," Neumann said. In three of the alleged U.S. terrorist attacks that have occurred since mid-April, investigators said the suspects were motivated by the war to commit violence on American soil. The suspect in the April 13 firebombing of the Pennsylvania governor's residence allegedly targeted Gov. Shapiro, who is Jewish, "based upon perceived injustices to the people of Palestine," according to a criminal complaint. The man who allegedly gunned down two Israeli embassy staff members on May 21 outside the Capital Jewish Museum in Washington, D.C., was captured on video shouting "Free Palestine" following the shooting. Neither suspect has entered a plea. In Boulder, Colorado, on June 1, authorities say Soliman, shouting "free Palestine" and wielding a makeshift flamethrower and Molotov cocktails, targeted demonstrators, injuring 15. Soliman has been charged in both state and federal court. He is also charged with hate crimes in the federal case. He has yet to enter a plea to any of the charges. The year started off with the New Year's Day truck-ramming on Bourbon Street in New Orleans that left 14 people dead. The suspect, who was killed in a gunfight with police, had pledged support for ISIS, according to investigators. In a Facebook video the suspect posted as he drove to commit the attack, he said he "originally planned to harm his family and friends, but was concerned the news headlines would not focus on the 'war between the believers and the disbelievers.'" Cohen said, "Regional conflicts in the past were isolated events occurring in foreign lands. But because of the internet, they are now taking place in communities across America." A fifth terrorist attack, that was apparently unrelated to the Middle East war, occurred on May 17 in Palm Springs, California, where a car packed with large quantities of ammonium nitrate was detonated, allegedly by a 25-year-old man who investigators said died in the blast and lived by "pro-mortalism, anti-natalism, and anti-pro-life ideology," or the belief that people should not be born without their consent. An alleged co-conspirator in the Palm Springs attack was arrested this month with federal authorities saying he provided large quantities of ammonium nitrate to the suspect killed in the blast. The attacks in Washington, D.C., New Orleans and at Gov. Shapiro's Harrisburg, Pennsylvania, residence were all allegedly carried out by U.S. citizens, according to investigators. The suspect in the Boulder attack is an Egypt-born man who lived in Kuwait until he moved to Colorado three years ago and had overstayed his B2 tourist visa, investigators said. Additionally, a dual American-German citizen was arrested on May 19 after he allegedly attempted to attack the U.S. embassy in Tel Aviv, but was thwarted by a guard, investigators said. The suspect was captured after dropping a backpack filled with Molotov cocktails, authorities said. "We have to do a better job at maintaining awareness of the threat, and that means by tracking what foreign domestic threat actors or what foreign intelligence services terrorist groups are posting online, the types of attacks they're calling for and the techniques that they are promoting to conduct those attacks," Cohen said. "Law enforcement can take that intelligence then and have a better understanding of the targets that are at risk and ensure that security measures are put in place to reduce the likelihood that these types of public events would be targeted." Neumann said that the current threat environment requires an urgent response from the federal government. "As with everything that happens in Washington, there will be another attack of such a scale that people are going to say, 'We should do something,' and then all of a sudden, the money will flow, and then they'll be like, 'Oh, look, here's this new shiny object that we can solve this problem with,'" Neumann said. "It will get restarted, but we will have lost a long period of time and expertise and will have to make some similar mistakes again as we relearn. That's kind of sad, because in the intervening time people will die because we're not investing in this now."
New York Times
2 hours ago
- New York Times
Once Champions of Fringe Causes, Now in a ‘Trap of Their Own Making'
Dan Bongino, the intense and voluble media personality tapped by President Trump to be a top F.B.I. official, appeared on Fox News last month to deliver news that should not have been news: Jeffrey Epstein, he said with glum resignation, had not been murdered after all. 'I've seen the whole file,' said Mr. Bongino, sitting next to his boss, Kash Patel, the bureau's director. 'He killed himself.' Investigations into Mr. Epstein's 2019 death in a Manhattan prison cell found serious management errors but no evidence of criminality. Yet Mr. Trump, once a friend of the financier accused of sexually abusing dozens of teenage girls, has long suggested Mr. Epstein was silenced by shadowy clients of his sex trafficking ring. In a 2023 episode of his popular podcast, Mr. Bongino, now the bureau's No. 2 official, implored listeners, 'Please do not let that story go.' They obliged. A Trump-allied podcaster suggested the F.B.I. leaders were 'beholden to some unseen powers.' A former F.B.I. agent who has been critical of the bureau posted a parody of a law firm ad with Mr. Bongino standing next to a sign that read 'Trust Me & Bro Consulting.' Tucker Carlson, a friend of Mr. Bongino's, said Trump appointees were 'making a huge mistake, promising to reveal things and then not revealing them.' Alex Jones, a founding father of the modern conspiracy movement, referred to Mr. Patel's own handling of the Epstein case as flat-out 'gaslighting.' Mr. Patel and Mr. Bongino, partisan showmen placed in positions previously held by people with greater experience, earned their bona fides in Mr. Trump's camp by promoting conspiracy theories, making promises of what they would accomplish under Mr. Trump when he returned to power based on fictional or exaggerated premises, pledging to reveal deep-state secrets and vowing swift vengeance on their enemies. It has now fallen on Mr. Patel, Mr. Bongino and Attorney General Pam Bondi to make good on the promises explicit and implied — or show how hard they are trying. But they are running what amounts to a conspiracy theory fulfillment center with unstocked shelves, critics say. Want all of The Times? Subscribe.
Yahoo
2 hours ago
- Yahoo
FBI Seeking Man Seen 'Throwing Rocks' on Video in Los Angeles
The Federal Bureau of Investigation's deputy director announced on June 7 that the agency is seeking the man who was seen "throwing rocks' in Los Angeles in a viral video. The video emerged online as tensions escalated on June 7 in Los Angeles over the federal government's immigration enforcement. Meanwhile, Los Angeles Mayor Karen Bass criticized the federal actions in a statement of her own. "We are currently seeking information regarding the identity of the person(s) throwing rocks at vehicles conducting critical law enforcement operations," the FBI's Deputy Director Dan Bongino wrote on X on June 7. "One of the perpetrators in this video is wearing a helmet, and we're going to use our investigative tools to locate the individual. I strongly suggest you turn yourself in, it's only a matter of time," he added. The video shows a man on a sidewalk whipping rocks at passing vehicles. Bongino shared this X post with the video: Bongino added, "And yes, multiple arrests have already been made for obstructing our operations. More are coming." Meanwhile, Bass wrote, "This is a difficult time for our city. As we recover from an unprecedented natural disaster, many in our community are feeling fear following recent federal immigration enforcement actions across Los Angeles County." She added: "Reports of unrest outside the city, including in Paramount, are deeply concerning. We've been in direct contact with officials in Washington, D.C., and are working closely with law enforcement to find the best path forward. Everyone has the right to peacefully protest, but let me be clear: violence and destruction are unacceptable, and those responsible will be held accountable." In an earlier statement, she wrote, 'This morning, we received reports of federal immigration enforcement at multiple locations in Los Angeles. As Mayor of a proud city of immigrants, who contribute to our city in so many ways, I am deeply angered by what has taken place. These tactics sow terror in our communities and disrupt basic principles of safety in our city. My Office is in close coordination with immigrant rights community organizations. We will not stand for this.' Later in the evening of June 7, Defense Secretary Pete Hegseth wrote in a statement that "The @DeptofDefense is mobilizing the National Guard IMMEDIATELY to support federal law enforcement in Los Angeles. And, if violence continues, active duty Marines at Camp Pendleton will also be mobilized — they are on high alert." The Los Angeles County Sheriff's Department wrote in a news release, "On Saturday, June 7, 2025, at approximately 10:15 a.m., personnel from the Sheriff's Department responded to the 6400 Block of Paramount Boulevard in Paramount, following reports of a large crowd gathering in the area and obstructing traffic." The release added, "Upon arrival, deputies observed the presence of federal law enforcement officers and a significant number of individuals gathering to protest. As the situation escalated, the crowd of protesters became increasingly agitated, throwing objects and exhibiting violent behavior toward federal agents and deputy sheriffs. In response, the Los Angeles County Sheriff's Department (LASD) requested additional resources countywide, deploying additional deputies to maintain order."FBI Seeking Man Seen 'Throwing Rocks' on Video in Los Angeles first appeared on Men's Journal on Jun 8, 2025
