The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) are warning against a dangerous ransomware scheme.
In an advisory posted earlier this week, government officials warned that ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. Medusa uses phishing campaigns as its main method of stealing victims’ credentials, according to CISA.
To protect against ransomware, officials recommended patching operating systems and software, in addition to using multifactor authentication for all services such as email and VPNs. Experts also recommended the use of long passwords and warned against recurring password changes, as they can weaken security.
Medusa developers and affiliates, called “Medusa actors,” use a double extortion model, where they “encrypt the victim’s data and threaten to release the outdated data if no redemption is paid,” the advisory said. Medusa operates a data leak site that shows victims alongside a countdown until their information is released.
“The redemption requests are posted on the site, with direct hyperlinks to cryptocurrency wallets affiliates,” the advisory said. “At this stage, Medusa advertises at the same time the sale of the data to the interested parties before the end of the stopwatch. In addition, the victims can pay $10,000 in cryptocurrency to add a day to the countdown.”
Since February, Medusa developers and affiliates have hit over 300 victims across industries including the medical, education, legal, insurance, technology and production sectors, CISA said.