Federal agencies are warning about continued Medusa ransomware attacks, urging action to patch vulnerabilities, segment networks, and strengthen access controls.

CISA, in partnership with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released a joint cybersecurity advisory warning of Medusa ransomware activity observed as recently as February 2025.

The advisory provides tactics, techniques, and procedures, indicators of compromise, and detection methods associated with known Medusa ransomware activity.

Medusa is a ransomware-as-a-service (RaaS) variant; as of December 2024, its developers and affiliates had impacted over 300 victims across critical infrastructure sectors. Medusa actors gain initial access through common techniques such as phishing campaigns and exploitation of unpatched software vulnerabilities.

Immediate actions organizations can take to mitigate Medusa ransomware activity:

  • Ensure operating systems, software, and firmware are patched and up to date.
  • Segment networks to restrict lateral movement.
  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services.
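The third item, restricting which sources may reach remote services, is easy to state and easy to get wrong: a rule that allows a range merely overlapping a trusted range (for example 10.0.0.0/8 when only 10.20.0.0/16 is trusted) is still an exposure. The script below is an added illustration of that check and is not code from the advisory or from CISA; the rule format, the remote-service port list, the trusted ranges and the sample rules are all constructed here for the example. It flags allow rules that expose remote-administration ports to any source not fully contained in a trusted range and prints a hardened replacement for each.

```python
"""Audit inbound firewall rules for remote-service exposure to untrusted sources.

Added example, not from the CISA/FBI/MS-ISAC advisory. The rule tuple format,
port list, trusted ranges and sample rules are constructed for illustration.
"""
import ipaddress

# Ports commonly used for remote administration or access (assumption: tune to
# the services actually deployed in your environment).
REMOTE_SERVICE_PORTS = {
    22: "SSH",
    445: "SMB",
    3389: "RDP",
    5900: "VNC",
    5985: "WinRM",
    5986: "WinRM-HTTPS",
}

# Source ranges this hypothetical organization treats as trusted: a VPN pool
# and a management subnet. Anything not fully inside one of these is untrusted.
TRUSTED_SOURCES = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.100.0/24"),
]

# Constructed sample ruleset: (name, action, source_cidr, destination_port).
SAMPLE_RULES = [
    ("allow-rdp-mgmt", "allow", "192.168.100.0/24", 3389),   # trusted source
    ("allow-rdp-any", "allow", "0.0.0.0/0", 3389),           # exposed to everyone
    ("allow-ssh-vendor", "allow", "203.0.113.0/24", 22),     # external range
    ("allow-web", "allow", "0.0.0.0/0", 443),                # not a remote-admin port
    ("deny-smb", "deny", "0.0.0.0/0", 445),                  # deny rules are fine
    ("allow-winrm-partial", "allow", "10.0.0.0/8", 5985),    # overlaps but exceeds trusted
]


def source_is_trusted(src, trusted):
    """True only if the whole source range is contained in one trusted range.

    Containment, not overlap, is the test: a broader range that merely
    overlaps a trusted range still admits untrusted hosts.
    """
    net = ipaddress.ip_network(src, strict=False)
    return any(net.subnet_of(t) for t in trusted if net.version == t.version)


def audit_rules(rules, trusted=TRUSTED_SOURCES, ports=REMOTE_SERVICE_PORTS):
    """Return findings for allow rules exposing remote-service ports to untrusted sources."""
    findings = []
    for name, action, src, port in rules:
        if action != "allow" or port not in ports:
            continue
        if not source_is_trusted(src, trusted):
            findings.append({
                "rule": name,
                "service": ports[port],
                "port": port,
                "source": src,
                "reason": "source range not fully within a trusted range",
            })
    return findings


def suggested_replacement(finding, trusted=TRUSTED_SOURCES):
    """Hardened form of a flagged rule: same port, one allow rule per trusted range."""
    return [
        (f"{finding['rule']}-restricted-{i}", "allow", str(t), finding["port"])
        for i, t in enumerate(trusted)
    ]


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['service']}/{f['port']}] rule {f['rule']!r} allows {f['source']}: {f['reason']}")
        for r in suggested_replacement(f):
            print("    replace with:", r)
```

Run against the constructed ruleset it flags the any-source RDP rule, the vendor SSH range and the over-broad WinRM rule, and leaves the management-subnet RDP rule, the public HTTPS rule and the deny rule alone. In practice the same containment check can be fed from an exported cloud security group or host firewall policy instead of the inline list.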

“This well-known foreign ransomware group has conducted high impact ransomware attacks against hospitals, resulting in disruption and delay to health care delivery and posing a risk to patient and community safety,” says John Riggi, American Hospital Association national advisor for cybersecurity and risk, in a release. “They routinely engage in double extortion, where they demand an extortion payment to not publish stolen patient data and a payment for the decryption key to unlock encrypted data and systems.

“This gang exploits stolen credentials and known vulnerabilities. It is recommended that the actionable threat intelligence contained in the alert be ingested into network defenses. It is also recommended that organizations prioritize patching of known exploited vulnerabilities, segment networks, and employ best practices for identity and access management.”

CISA encourages network defenders to review the advisory and implement the recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response.
