
FBI and CISA warn of a new wave of ransomware attacks

FBI Headquarters: Washington, D.C. (Photo: Getty Images)

The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have reported a surge in Medusa ransomware attacks, posing a serious threat to businesses and organizations worldwide, reports AP News.

Medusa, active since 2021, follows a double extortion model: it encrypts victims’ data and threatens to leak it unless a ransom is paid. Hackers gain access through phishing campaigns, credential theft, and exploitation of unpatched vulnerabilities such as CVE-2024-1709 (ScreenConnect) and CVE-2023-48788 (Fortinet EMS SQL injection).

The ransomware spreads within networks using Advanced IP Scanner, SoftPerfect Network Scanner, PowerShell, and Windows Management Instrumentation (WMI) to move undetected. Medusa also leverages RDP, PsExec, and remote access tools like AnyDesk, ConnectWise, and Splashtop for lateral movement and encryption.
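For defenders, the tool chain described above can be hunted as a sequence rather than as single hits, since most of these tools also have legitimate administrative uses. The following is an added example, not part of the original article or the advisory: it flags hosts where a network scanner is followed by a remote-execution or remote-access tool within a short window. The executable names, the one-hour window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed default image names for tools the article lists; renamed binaries evade this.
DISCOVERY = {"advanced_ip_scanner.exe", "netscan.exe"}
REMOTE = {"psexec.exe", "psexesvc.exe", "anydesk.exe", "wmic.exe",
          "screenconnect.clientservice.exe"}
WINDOW = timedelta(hours=1)  # assumed correlation window

# Constructed process-creation events (host, UTC time, image path), not real telemetry.
EVENTS = [
    ("WS-014", "2025-03-10T09:02:11", r"C:\Users\tmp\advanced_ip_scanner.exe"),
    ("WS-014", "2025-03-10T09:20:45", r"C:\Windows\Temp\PsExec.exe"),
    ("SRV-02", "2025-03-10T09:21:03", r"C:\Windows\PSEXESVC.exe"),
    ("WS-101", "2025-03-10T10:00:00", r"C:\Program Files\AnyDesk\AnyDesk.exe"),
    ("WS-207", "2025-03-10T08:00:00", r"C:\Tools\netscan.exe"),
    ("WS-207", "2025-03-10T11:30:00", r"C:\Windows\System32\wbem\WMIC.exe"),
]

def image_name(path):
    """Lower-cased file name of a Windows or POSIX-style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def correlate(events, window=WINDOW):
    """Return (host, scanner, remote_tool, gap) for each remote tool that
    starts on a host within `window` after a scanner ran on that host."""
    last_scan = {}   # host -> (time, scanner name) of the latest scanner launch
    alerts = []
    for host, ts, path in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        name = image_name(path)
        if name in DISCOVERY:
            last_scan[host] = (when, name)
        elif name in REMOTE and host in last_scan:
            seen, scanner = last_scan[host]
            if when - seen <= window:
                alerts.append((host, scanner, name, when - seen))
    return alerts

if __name__ == "__main__":
    for host, scanner, tool, gap in correlate(EVENTS):
        print(f"{host}: {scanner} then {tool} after {gap}")
```

Only WS-014 is reported in the sample data: the lone AnyDesk and PSEXESVC launches and the scan followed hours later by WMIC do not meet the sequence condition.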

Victims see a countdown timer on Medusa’s leak site, with an option to delay data exposure for $10,000 per day in cryptocurrency. Authorities warn that the group actively recruits cybercriminals, paying up to $1 million for access to compromised systems.

Medusa’s expanding reach and growing cyber threats

Since February 2025, Medusa has already attacked over 300 organizations in healthcare, education, insurance, technology, and manufacturing, making it one of the most active ransomware threats this year.

The surge in cyberattacks is part of a broader trend of escalating digital threats, as demonstrated by the recent Chinese hacker breach of the US Treasury’s sanctions office. This highlights the growing risks not only for businesses but also for government institutions worldwide.