Cybersecurity experts urge email users to take steps to guard against vicious ransomware scheme

CBS News

20-03-2025

Federal cybersecurity officials are out with an urgent warning to protect your email accounts and personal data.
A dangerous ransomware scheme first identified in 2021 is picking up speed, breaching the data of hundreds of people.
The vicious ransomware is called Medusa.
Jeffrey Seaman, a cybersecurity expert and applied computer science associate professor at Point Park University, calls it blackmail in the modern age.
"The crazy thing about it, it's like one of those movies you see on TV and you're like, oh, this can't happen. Then you know it really can happen. That's how dangerous and scary it could be," Seaman said.
Federal authorities say users of Gmail, Outlook, and other popular email services are at risk.
"I would just say more people are falling for it because it's unique because it's not just for commercial companies, but it also involves individuals like yourself or me....It's almost like a phishing email. So, you receive an email something looks too good to be true. You click on it. And a lot of times people do not even know their system has been exploited by this virus," he said.
The FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center released an advisory to alert people about Medusa, which is a ransomware-as-a-service provider. According to the advisory, Medusa's developers typically recruit cyber criminals to work for them.
Seaman said these hackers look for vulnerabilities in your operating system.
"So, if you do not have patching updates. So, keep your system up to date. And what it does is it looks for everything that you basically do on your computer. It could be banking, it could be searching the internet. It could be Facebook. It could be anything," he said.
The "Medusa actors" use a double extortion model.
First, they hold data hostage.
"It finds stuff that you don't want out there, such as social security number or bank account number or checking account, etc.," said Seaman.
Then they send a scary pop-up to the victim's screen.
"They reach out to you, and they say, hey, you know, you pay X, Y, and Z. And we will not exploit you. If not, we'll exploit you....You have a time frame And that's what's so scary about it," he said,
Seaman said everyone should take extra steps to protect their email accounts.
His tips include:
"Use something like 22 characters. Use not just characters, but using merit characters, and different numbers, but also change every three months. And I tell people all the time. Use multi-factor authentication. Use a couple of them. Use your cell phone number. Use a device such as Google Authenticator, or Microsoft," Seaman said.
In his opinion, it's better to be safe than sorry.
"So, if you don't want your life ruined, I say be safe as possible. You know, take all the precautions. I mean, you might take the precautions, and you still might be a victim, but it's best to try to be safe," said Seanan.