FBI Issues Email Warning to Outlook, Gmail Users: What To Know

Federal authorities have warned that inboxes are being targeted by ransomware called "Medusa," which can steal huge amounts of personal information.

Federal authorities are warning Gmail and Outlook users about a ransomware known as "Medusa." The ransomware, used by hacker groups to extort victims, has compromised the data of hundreds of people across various sectors, including medical, education, legal, insurance, technology, and manufacturing. Newsweek contacted the FBI for more information via email.

Why It Matters

Ransomware attacks lock vital computer files away from their owners and demand a fee to return them. They have the potential to completely cripple an individual or a company's entire online presence.

What To Know

First identified in June 2021, Medusa operates as a ransomware-as-a-service (RaaS), enabling cybercriminals to execute double extortion attacks, which involve encrypting victims' data and threatening to publicly release the stolen information if the ransom is not paid.

The group behind Medusa maintains a data-leak site displaying victims alongside countdowns to data release, with options to delay the timer for a $10,000 cryptocurrency payment. The Medusa ransomware is reportedly operated by a group tracked as Spearwing. Since its emergence in early 2023, Spearwing has amassed nearly 400 victims, with ransom demands ranging from $100,000 to $15 million.

The group employs common infiltration techniques such as phishing campaigns and exploiting unpatched software vulnerabilities. They have also hijacked legitimate accounts, including those of healthcare organizations, to facilitate their attacks. The Cybersecurity and Infrastructure Security Agency and the FBI issued a joint advisory on March 12, 2025, as part of the ongoing #StopRansomware initiative.

Their advice to counter any ransomware attacks against employers includes implementing a multifactor authentication system and monitoring network usage.

"The RaaS Medusa variant has been used to conduct ransomware attacks from 2021 to present," the FBI said in a statement. "Medusa originally operated as a closed ransomware variant, meaning all development and associated operations were controlled by the same group of cyber threat actors.

"While Medusa has since progressed to using an affiliate model, important operations such as ransom negotiation are still centrally controlled by the developers. Both Medusa developers and affiliates—referred to as 'Medusa actors' in this advisory—employ a double extortion model, where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid."

What People Are Saying

In a statement describing the ransomware method, the Cybersecurity and Infrastructure Security Agency said: "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the 'true decryptor'—potentially indicating a triple extortion scheme."

What Happens Next

Federal agencies are continuing to investigate and counter the ransomware. They have advised all users to avoid any suspicious links and untrustworthy emails.