Update, March 15, 2025: This story, originally published March 13, has been updated with expert comment from infosecurity professionals following the warning of Medusa ransomware attacks and the urgent FBI mitigation advice.
The Federal Bureau of Investigation has recently warned of weird ransomware attack threats delivered by the United States Postal Service, yes really, alongside a dangerous ransowmare campaign from so-called Ghost attackers, and some of the most sophisticated threats against Gmail users ever. Having previously also advised users to use two-factor authentication to mitigate such attacks, a newly published FBI industry alert has rolled the mitigation advice into one as ongoing attacks by the Medusa ransomware gang continue. Enable 2FA for webmail services such as Gmail and Outlook, as well as for VPNs, the FBI has warned. And enable it now. Here’s what you need to know.
FBI And CISA Issue Medusa Ransomware Industry Joint Alert
Medusa, a highly dangerous ransomware-as-a-service provider, known to have impacted at least 300 victims from the critical infrastructure sector since the campaign was first observed in June 2021, is known to employ both social engineering and unpatched software vulnerability exploitation during attacks. FBI investigations as recently as February have enabled intelligence agencies to assemble a dossier of tactics, techniques, and procedures, indicators of compromise, and detection methods associated with the threat actors.
In partnership with the U.S. Cybersecurity and Infrastructure Security Agency, the FBI has issued a joint March 12 cybersecurity advisory against the backdrop of attacks by the Medusa ransomware group. The full FBI alert, AA25-071A, goes into great depth regarding the technicalities of the Medusa operation. As such, it is of importance that this should be read by all cyber-defenders. However, for the purposes of this article I am going to focus on the attack mitigation advice offered by the FBI.
