A newly released joint advisory of the Cybersecurity and Infrastructure Security Agency, FBI and the Multi-State Information Sharing and Analysis Center offers ways to detect and counter the Medusa ransomware. Phishing attacks and targeting vulnerable unpatched software are the common tactics of Medusa actors, CISA said Wednesday.
The 15-page advisory titled “#StopRansomware: Medusa Ransomware” provides a downloadble list of indicators of compromise enumerating the hashes of malicious files that Medusa actors deploy in targeted systems.
Patching and Other Mitigation Steps
The advisory offers several mitigation measures for immediate deterrence of the ransomware’s activity, such as patching prioritization of internet-facing systems. It also recommends network segmentation to limit lateral movement of breaches from initially infected devices to other units in an organization. Additional protection can be achieved by filtering network traffic to prevent data request access from unknown or untrusted origins, according to the advisory.
Medusa was first tracked in 2021 as a double extortion model encrypting victims with compromising data and threatening to publicize the exfiltrated confidential information if no ransom is paid. CISA noted that the ransomware has perpetrated 300 attacks as of January, with target victims in critical industries, such medical, education, insurance and manufacturing.
In February, CISA and its partners also issued a joint alert and defense measures against the Ghost ransomware targeting internet-facing services operating on outdated software or firmware.
Related Articles
Pete Hegseth, secretary of the Department of Defense and a 2025 Wash100 awardee, has issued a memorandum directing the secretary of the Army to establish the Joint Interagency Task Force 401, or JIATF 401, to accelerate the delivery of counter-small unmanned aircraft systems, or C-sUAS, to U.S. warfighters. DOD said Thursday JIATF 401 will report directly to the deputy secretary of defense and replace the Joint C-sUAS Office, or JCO. “We’re moving fast — cutting through bureaucracy, consolidating resources, and empowering this task force with the utmost authority to outpace our adversaries,” Hegseth said. Responsibilities of JIATF 401 & New
The Department of the Army has released its revised document on acquisition procedures. According to the department’s PAM 70-3 document posted Wednesday on the Army Publishing Directorate’s website, the major revision incorporates the Adaptive Acquisition Framework; replaces virtual in sight with the Acquisition Information Repository; eliminates a requirement to assess probability of success; and accounts for Army organizational changes implemented for U.S. Army Futures Command’s formation. The revised Army pamphlet also incorporates guidance from an Army directive, titled Enabling Modernization Through the Management of Intellectual Property, and adds semiannual program reporting requirements. Adaptive Acquisition Framework According to the pamphlet, the
The Government Accountability Office is urging the Department of the Treasury’s Chief Information Officer Sam Corcos to address 21 open recommendations related to improving IT management and strengthening federal cybersecurity. Key Recommendations for Treasury Department’s CIO In a new report, the congressional watchdog said the recommendations are related to areas that GAO has designated as high risk: ensuring the cybersecurity of the nation and improving IT acquisitions and management. One of the cybersecurity-related recommendations provided by GAO calls for the department to commit to a timeframe for the implementation of multifactor authentication across software-as-a-service. The report also pointed out that