
Latest news with #MS-ISAC

Cyware Launches Threat Intelligence Solutions for SLTT Governments

Business Wire

06-05-2025


NEW YORK--(BUSINESS WIRE)--Cyware, the industry leader in threat intelligence operationalization, collaboration, and orchestrated response, today launched its suite of cybersecurity solutions for State, Local, Tribal, and Territorial (SLTT) governments across the United States. As cyberattacks on public infrastructure grow in scale and sophistication, Cyware empowers SLTT cybersecurity teams with unified threat intelligence management, sharing capabilities, and hyper-orchestration and automation – enabling them to transform fragmented data into coordinated action and deliver collective defense for critical government services and communities. SLTT agencies play a pivotal role in national cyber resilience, yet they face mounting pressure from persistent threat actors and evolving attack methods. Recent MS-ISAC data shows that 37% of SLTT agencies lack confidence in handling cyber incidents, while 77% point to poor coordination as a major barrier to statewide cybersecurity. 'With cyber threats growing more sophisticated and interlinked, unified intelligence and collaboration are no longer optional – they're essential,' said Tom Stockmeyer, Managing Director of Government at Cyware. 'Our platform is designed from the ground up to help SLTT governments modernize their cyber operations, share intelligence seamlessly, and respond to threats with the speed and precision that today's environment demands.' Cyware's AI-powered platform enables SLTT teams to centralize and automate threat detection, indicator sharing, and mitigation – shifting from reactive monitoring to real-time, coordinated cyber defense across jurisdictions. 
The platform integrates easily with key federal and sector-specific resources like CISA's Automated Indicator Sharing (AIS) program and multiple Information Sharing and Analysis Centers (ISACs), including MS-ISAC, Health-ISAC, Maritime Transportation Services-ISAC, Aviation-ISAC, Research & Education Network ISAC, and the National Rural Electric Cooperative. Anuj Goel, co-founder and CEO of Cyware, added: 'SLTT governments are on the front lines of cybersecurity, yet too often face resource limitations and fragmented tools. With this launch, we're bringing them a unified, mission-ready solution that turns information into coordinated action. Action that delivers the threat visibility, automation, and cross-agency collaboration they need to better protect their communities.' The platform is highly scalable, with flexible deployment options – whether in the cloud or on-premises – allowing agencies of all sizes to tailor implementations to their operational needs. Cyware is currently 'StateRAMP In Process,' signaling a commitment to meeting the compliance and procurement requirements of public-sector buyers. In addition, Cyware's capabilities align with strategic initiatives such as the State and Local Cybersecurity Grant Program (SLCGP), helping SLTT agencies maximize available federal and state funding while improving ROI and cyber readiness. In recognition of these innovations, Cyware was recently named the 2025 winner of Security Today's prestigious GOVIES Award for excellence in AI-driven cyber threat management. This industry honor reflects our deep commitment to delivering advanced threat intelligence solutions designed specifically for SLTT governments and federal agencies. To learn how Cyware enhances SLTT cyber resilience, schedule a demo at You can also meet the Cyware team at the Information Security Forum for Texas Government in May and the ISAC Annual Meeting in June. 
Cyware is leading the industry in operational threat intelligence and collective defense, helping security teams transform threat intelligence from fragmented data points to actionable, real-time decisions. We unify threat intelligence management, intel sharing and collaboration, as well as hyper-orchestration and automation — eliminating silos and enabling organizations to outmaneuver adversaries faster and more effectively. From enterprises to government agencies and ISACs, Cyware empowers defenders to turn intelligence into impact.

FBI warns of possible Outlook, Gmail cyberattacks

Yahoo

19-03-2025


The FBI is warning users of popular email services such as Outlook and Gmail that they could be subject to cyberattacks by ransomware called Medusa, which has impacted more than 300 victims from a number of sectors, including technology, legal, medical and manufacturing. Medusa, a ransomware-as-a-service that was first identified in June, was spotted as recently as last month, according to an advisory released last week by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). 'Both Medusa developers and affiliates—referred to as 'Medusa actors' in this advisory—employ a double extortion model, where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid,' the agencies said in the March 12 advisory. Medusa developers normally recruit initial access brokers in marketplaces and cybercriminal forums, paying them between $100,000 and $1 million with an opportunity to solely work for a hacking organization. Those brokers are known to use common techniques like phishing campaigns and exploiting unpatched software vulnerabilities, according to the advisory. 'The ransom note demands victims make contact within 48 hours via either a Tor browser-based live chat, or via Tox, an end-to-end encrypted instant-messaging platform,' the agencies wrote. 'If the victim does not respond to the ransom note, Medusa actors will reach out to them directly by phone or email.' A victim was extorted three times in one case, according to an FBI investigation. The victim was contacted by another Medusa actor who contended that the main hacker stole the ransom amount and asked for another payment. The FBI, CISA and MS-ISAC outlined some steps users can take to protect themselves from Medusa ransomware. Users should protect all accounts with passwords, ideally having longer passcodes that are changed often. Multifactor authentication should be in place.
Copies of sensitive data, in the form of hard drives, the cloud and storage devices, should be developed for recovery. Users should also have offline backups of data that ideally are encrypted. The operating systems of devices should be up to date. If users open phishing links or attachments, they should not simply ignore the step, according to Ryan Kalember, the chief strategy officer at security firm Proofpoint. 'That is often the first reaction, and it is not ideal,' he told The Washington Post. 'When you fall for something, the attacker still has some window of time where they have to figure out what they've just got and whether it's even worth taking advantage of.'

Officials warn against dangerous Medusa ransomware attacks. Here's how to stay protected.

Yahoo

17-03-2025


JACKSONVILLE, Fla. – Federal cybersecurity agencies and the FBI have warned the public against a dangerous ransomware scheme that has affected hundreds of people. The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory last week to share information about Medusa ransomware. The advisory is part of CISA's ongoing #StopRansomware initiative, which flags ransomware variants and threat actors, as well as their observed tactics, techniques, and procedures. Medusa is a ransomware-as-a-service provider first identified in June 2021, according to the advisory. As of February, Medusa has impacted over 300 victims from multiple critical infrastructure sectors and industries, including medical, education, legal, insurance, technology, and manufacturing. Originally, Medusa operated as a closed ransomware variant where all development and associated operations were controlled by the same group of cyber threat actors. It has since shifted toward an affiliate model, where developers and affiliates — called "Medusa actors" — use a double extortion model "where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid," according to the advisory. The ransom note demands victims make contact within 48 hours through a browser-based live chat or an end-to-end encrypted instant messaging platform, according to the advisory. Victims can also be contacted directly by Medusa actors via phone or email if they do not respond to the ransom note. Medusa also operates a data leak site, which shows victims alongside countdowns to the release of information, according to the advisory. "Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets," the advisory stated. "At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. 
Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer."

The FBI, CISA, and MS-ISAC recommended some actions organizations should take immediately to protect against Medusa ransomware threats:

  • Require VPNs or Jump Hosts for remote access.
  • Monitor for unauthorized scanning and access attempts.
  • Require employees to use long passwords and consider not requiring frequently recurring password changes, which can weaken security.
  • Require multi-factor authentication for all services to the extent possible, especially for Gmail and email, virtual private networks, and accounts that access critical systems.
  • Keep all operating systems, software, and firmware up to date.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud).
  • Segment networks to prevent the spread of ransomware.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network.

In recent years, the federal government has doubled down on efforts to thwart global cybercrime, which has become increasingly widespread. Federal agencies have issued multiple advisories that warned against the threat of cyberattacks. Cybercrime is a "significant and growing threat" to national and economic security, according to the Department of State. As people become more dependent on information and communication technologies, the department said more criminals continue to shift to online schemes.
Cyber crimes can range from intellectual property theft to ransomware, potentially costing businesses billions of dollars in losses and threatening critical sectors across the country, according to the Department of State. The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic. Several high-profile cyberattacks have made headlines in recent months. In March, 12 Chinese citizens were accused of cyber-hacking to steal data from the Treasury Department and other organizations worldwide. In January, USA TODAY reported that a UnitedHealth data hack impacted 1 in 2 Americans. Hackers exposed or stole medical records from about 190 million people in February 2024. Last October, federal prosecutors announced that two Sudanese citizens faced charges for running a guerilla computer hacking group that sought to "declare cyberwar on the United States" by targeting the FBI, hospitals, Hulu, Netflix, CNN, Microsoft, Reddit, and X, among others.

Contributing: Bart Jansen, Krystal Nurse, and Minnah Arshad, USA TODAY

This article originally appeared on Florida Times-Union: Medusa ransomware cyberattacks pose a significant threat to security

Officials warn against dangerous Medusa ransomware attacks. Here's how to stay protected.

USA Today

17-03-2025


JACKSONVILLE, Fla. – Federal cybersecurity agencies and the FBI have warned the public against a dangerous ransomware scheme that has affected hundreds of people. The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory last week to share information about Medusa ransomware. The advisory is part of CISA's ongoing #StopRansomware initiative, which flags ransomware variants and threat actors, as well as their observed tactics, techniques, and procedures. Medusa is a ransomware-as-a-service provider first identified in June 2021, according to the advisory. As of February, Medusa has impacted over 300 victims from multiple critical infrastructure sectors and industries, including medical, education, legal, insurance, technology, and manufacturing. Originally, Medusa operated as a closed ransomware variant where all development and associated operations were controlled by the same group of cyber threat actors. It has since shifted toward an affiliate model, where developers and affiliates — called "Medusa actors" — use a double extortion model "where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid," according to the advisory. The ransom note demands victims make contact within 48 hours through a browser-based live chat or an end-to-end encrypted instant messaging platform, according to the advisory. Victims can also be contacted directly by Medusa actors via phone or email if they do not respond to the ransom note.
Medusa also operates a data leak site, which shows victims alongside countdowns to the release of information, according to the advisory. "Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets," the advisory stated. "At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer."

How to protect your organization from Medusa ransomware

The FBI, CISA, and MS-ISAC recommended some actions organizations should take immediately to protect against Medusa ransomware threats:

  • Require VPNs or Jump Hosts for remote access.
  • Monitor for unauthorized scanning and access attempts.
  • Require employees to use long passwords and consider not requiring frequently recurring password changes, which can weaken security.
  • Require multi-factor authentication for all services to the extent possible, especially for Gmail and email, virtual private networks, and accounts that access critical systems.
  • Keep all operating systems, software, and firmware up to date.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud).
  • Segment networks to prevent the spread of ransomware.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network.
Recent cyberattacks on critical infrastructure

In recent years, the federal government has doubled down on efforts to thwart global cybercrime, which has become increasingly widespread. Federal agencies have issued multiple advisories that warned against the threat of cyberattacks. Cybercrime is a "significant and growing threat" to national and economic security, according to the Department of State. As people become more dependent on information and communication technologies, the department said more criminals continue to shift to online schemes. Cyber crimes can range from intellectual property theft to ransomware, potentially costing businesses billions of dollars in losses and threatening critical sectors across the country, according to the Department of State. The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic. Several high-profile cyberattacks have made headlines in recent months. In March, 12 Chinese citizens were accused of cyber-hacking to steal data from the Treasury Department and other organizations worldwide. In January, USA TODAY reported that a UnitedHealth data hack impacted 1 in 2 Americans. Hackers exposed or stole medical records from about 190 million people in February 2024. Last October, federal prosecutors announced that two Sudanese citizens faced charges for running a guerilla computer hacking group that sought to "declare cyberwar on the United States" by targeting the FBI, hospitals, Hulu, Netflix, CNN, Microsoft, Reddit, and X, among others.

Contributing: Bart Jansen, Krystal Nurse, and Minnah Arshad, USA TODAY
