The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning regarding a growing ransomware threat targeting popular email services like Gmail and Outlook. The alert concerns the Medusa ransomware group, which has been active since 2021.
Medusa is now operating under an affiliate model, with key operations, including ransom negotiations, still controlled by the developers. The group uses a double extortion strategy, encrypting victims' data and threatening to release stolen information if the ransom is not paid.
As of February 2025, over 300 organizations across various industries, including healthcare, education, legal, insurance, technology, and manufacturing, have been affected. Medusa typically uses phishing campaigns and exploits unpatched software vulnerabilities to compromise systems, holding them "hostage" until a ransom is paid.
To protect against these threats, the FBI and CISA recommend using strong, unique passwords; enabling multifactor authentication for email, VPNs, and critical system accounts; and keeping all operating systems, software, and firmware up to date.