Overview
- Medusa ransomware operates under a ransomware-as-a-service (RaaS) model, in which affiliates conduct attacks while the developers manage ransom negotiations.
- The FBI and CISA report over 300 victims in sectors like healthcare, education, and manufacturing, with ransom demands ranging from $100,000 to $15 million.
- Medusa actors use phishing campaigns and unpatched software vulnerabilities to infiltrate systems, employing double extortion and, in some cases, triple extortion tactics.
- Victims can pay $10,000 in cryptocurrency to delay public release of stolen data, with countdowns displayed on a data-leak website.
- Federal agencies recommend multifactor authentication, network segmentation, and regular software updates to mitigate the risk of Medusa ransomware attacks.