US government warns Medusa ransomware has hit hundreds of critical infrastructure targets

(Image: code skull. Image credit: Shutterstock)

  • FBI, CISA, and MS-ISAC publish new report on Medusa ransomware
  • They claim the group struck hundreds of critical infrastructure firms
  • Agencies share advice on how to stay safe

Hundreds of critical infrastructure targets have fallen victim to Medusa ransomware over the last four years, a new US government report has warned, urging organizations to apply known mitigations and minimize the risk of an attack.

The Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory saying more than 300 organizations in critical infrastructure sectors have already fallen prey to the group.

"As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing," the report says. "FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents."


Mitigating risks

The recommendations include mitigating known vulnerabilities and making sure operating systems, software, and firmware are patched on time, segmenting networks to hinder attempts at lateral movement, and filtering network traffic by blocking access from untrusted origins.

Medusa first emerged in 2021, but since it was originally intended to be a closed ransomware variant, its success was somewhat limited. A few years later, the operation evolved into a Ransomware-as-a-Service (RaaS) with an affiliate model, which propelled it into one of the most dangerous variants out there.

"Medusa developers typically recruit initial access brokers (IABs) in cybercriminal forums and marketplaces to obtain initial access to potential victims," the report claims. "Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa."

Some of the more notable victims include the Minneapolis Public School District, which suffered a significant breach that exposed sensitive information such as psychological reports and abuse allegations. Other affected sectors include healthcare, manufacturing, technology, legal, insurance, and education.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
