Users beware: This ransomware poses a threat to precious data.
The FBI has issued a warning regarding malicious malware that demands a ransom from victims in order to release their data.
Dubbed “Medusa,” the “ransomware-as-a-service” has affected more than 300 known people “from a variety of critical infrastructure sectors” since it was first discovered in 2021, according to a recent advisory penned by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center.
Cybercriminals — some of whom are paid by Medusa developers to break into targets’ accounts to the tune of $100 to $1 million — initially gain access to a person’s data through phishing or “exploitation or unpatched software vulnerabilities,” according to the advisory.
Then, the malicious actors will demand a ransom for victims to obtain their data and prevent it from being released, asking that the victim “make contact within 48 hours.”
“If the victim does not respond to the ransom note, Medusa actors will reach out to them directly by phone or email,” the advisory states.
According to the agencies, FBI investigations found that a victim was triple extorted in one case, in which they were contacted by another Medusa-related cybercriminal who claimed the first hacker had stolen the ransom amount and demanded another payment.
In order to protect themselves, people can follow the agencies’ tips and tricks for securing accounts and personal information to prevent data theft.
For instance, it is recommended that all accounts require password logins that are long and changed regularly, in addition to using multi-factor authentication — ideally using an authenticator app, not text messages — and keeping systems and software updated.
The agencies also advise keeping data and information backed up in another location, such as the cloud or on a hard drive, and encrypted. Additionally, be wary when clicking on links and opening or downloading attachments, especially when received via email or text. Email addresses can be easily spoofed and can look convincingly legit — even if they’re not.
If you accidentally open a link or download a file that proves to be malicious, don’t sweep it under the rug, experts warn.
“That is often the first reaction, and it is not ideal,” Ryan Kalember, the chief strategy officer at cybersecurity firm Proofpoint, told The Washington Post, urging that even a brief period of time before the cybercriminal can act is vital for an IT team to thwart an attack.
“When you fall for something, the attacker still has some window of time where they have to figure out what they’ve just got and whether it’s even worth taking advantage of.”
