CyberSecurity news
do son@Cybersecurity News
The Medusa ransomware operation has significantly impacted critical infrastructure sectors, affecting over 300 organizations in the United States by February 2025. According to CISA, these attacks have targeted essential services across various industries, including medical, education, legal, insurance, technology, and manufacturing. This widespread impact highlights the vulnerability of critical infrastructure and the potential for severe disruptions. The healthcare sector has been a primary target, with ransom demands ranging from $100,000 to $15 million, potentially disrupting patient care and compromising sensitive data.
Educational institutions have also been significantly affected, with 21 attacks reported in February 2025 alone. These attacks disrupt academic activities and compromise personal information of students and staff. In response, CISA, in partnership with the FBI and MS-ISAC, released a joint Cybersecurity Advisory providing tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity. The advisory encourages organizations to ensure operating systems and software are up to date, segment networks to restrict lateral movement, and filter network traffic to prevent unauthorized access.
References:
- Industrial Cyber: Recent findings from Symantec indicate a significant rise in Medusa ransomware activity, which is reportedly being operated as...
- securityaffairs.com: Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024.
- : Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
- Broadcom Software Blogs: Attacks using this ransomware have displayed consistent TTPs and grown steadily since 2023.
- bsky.app: CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month.
- The DefendOps Diaries: Medusa Ransomware: A Growing Threat to Critical Infrastructure
- RedPacket Security: CISA: CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware
- gbhackers.com: Medusa Ransomware Hits 300+ Critical Infrastructure Organizations Worldwide
- securityonline.info: FBI, CISA, and MS-ISAC Warn Organizations About Medusa Ransomware Attacks
- www.bleepingcomputer.com: CISA: Medusa ransomware hit over 300 critical infrastructure orgs
- securityaffairs.com: Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
- Industrial Cyber: US exposes Medusa ransomware threat, as over 300 organizations targeted across critical infrastructure sector
- www.itpro.com: CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
- CyberInsider: FBI: Medusa Ransomware Has Breached 300 Critical Infrastructure Organizations
- www.tripwire.com: The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released - with at least one organisation hit with a "triple-extortion" threat. Read more in my article on the Tripwire State of Security blog.
- Resources-2: On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on Medusa ransomware [1]. Medusa ransomware emerged as Ransomware-as-a-Service in June 2021 and gained infamy by compromising over 300 victims from critical infrastructure sectors, including healthcare, insurance, technology, manufacturing, legal, and technology.
- : CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure
- www.cybersecuritydive.com: The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.
- The Register - Security: Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
- DataBreaches.Net: #StopRansomware: Medusa Ransomware
- hackread.com: FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware
- Talkback Resources: #StopRansomware: Medusa Ransomware | CISA [net] [mal]
- Tenable Blog: Cybersecurity Snapshot: Medusa Ransomware Impacting Critical Infrastructure, CISA Warns, While NIST Selects New Quantum-Resistant Algorithm
- SOC Prime Blog: Medusa Ransomware Detection: The FBI, CISA & Partners Warn of Increasing Attacks by Ransomware Developers and Affiliates Against Critical Infrastructure