Security officials warned people to protect their accounts from Medusa, a program which holds users’ emails and sensitive data hostage unless a ransom is paid
Gmail and Microsoft Outlook users have been alerted by the FBI about a dangerous programme that has been hijacking sensitive data. The Medusa ransomware has hit more than 300 known victims in “critical infrastructure sectors”, including hospitals, schools and influential firms, spreading through phishing scams and attacks on vulnerable software.
In a joint statement, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that Medusa dupes users into surrendering access data via counterfeit emails or websites.
Once inside a system, the cybercriminals copy crucial files for themselves and then lock the originals. They demand a hefty ransom of anything between $100,000 and $15m (£77,000 to £11.5m), threatening to leak potentially humiliating information if their demands are not met.
How to protect yourself from Medusa
Officials recommend that Gmail users promptly activate two-factor authentication, adding an extra layer of security to their accounts. This additional step involves receiving a code via text message before you can access your mailbox, the Mirror US reports. Businesses and individuals are also urged to keep their operating systems up to date with the latest security patches.
The FBI suggests considering removing sensitive photos currently stored in Gmail and printing hard copies of documents that could be targeted. Users are also advised to keep a spam filter active at all times so that phishing emails do not reach their inbox, and to delete any suspicious emails containing redirect links: clicking on these could give an attacker access to your computer.
Warning to businesses
The FBI and CISA have issued a three-point plan for organisations to protect themselves from falling victim to the Medusa ransomware:
- Mitigate known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
- Segment networks to restrict lateral movement between initially infected devices and other devices in the same organisation.
- Filter network traffic to prevent unknown or untrusted sources from accessing remote services on internal systems.