Cybersecurity Advisory Seeks to Defuse Medusa Ransomware Threat

A newly released joint advisory of the Cybersecurity and Infrastructure Security Agency, FBI and the Multi-State Information Sharing and Analysis Center offers ways to detect and counter the Medusa ransomware. Phishing and the targeting of vulnerable, unpatched software are the common tactics of Medusa actors, CISA said Wednesday.

The 15-page advisory titled “#StopRansomware: Medusa Ransomware” provides a downloadable list of indicators of compromise enumerating the hashes of malicious files that Medusa actors deploy in targeted systems.

Patching and Other Mitigation Steps

The advisory offers several mitigation measures for immediate deterrence of the ransomware’s activity, such as prioritizing the patching of internet-facing systems. It also recommends network segmentation to limit lateral movement from initially infected devices to other units in an organization. Additional protection can be achieved by filtering network traffic to block data access requests from unknown or untrusted origins, according to the advisory.

Medusa was first tracked in 2021 and uses a double extortion model, encrypting victims’ data and threatening to publicize the exfiltrated confidential information if no ransom is paid. CISA noted that the ransomware has perpetrated 300 attacks as of January, with target victims in critical industries, such as medical, education, insurance and manufacturing.

In February, CISA and its partners also issued a joint alert and defense measures against the Ghost ransomware targeting internet-facing services operating on outdated software or firmware.