Medusa ransomware targets Gmail and Outlook users, warns CISA & FBI
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert warning Gmail and Microsoft Outlook users about a new and very sophisticated ransomware known as Medusa. The ransomware-as-a-service operation has been active since 2021 and recently upped the ante, striking over 300 victims across various sectors such as healthcare, education, law, insurance, tech, and manufacturing.
Here’s how Medusa Ransomware works
Medusa actors employ a double extortion approach. Initially, they gain access to victims’ networks through phishing attacks that harvest credentials. Having secured access, they encrypt victims’ data and threaten to publish the stolen information on the web if the ransom is not paid. To exert further pressure, Medusa operates a data-leak site where victims are listed alongside countdown timers indicating when their data will leak. Ransom notes are posted on this site, with direct links to cryptocurrency wallets associated with Medusa. Victims can also pay $10,000 in cryptocurrency to extend the countdown timer by one day.
To prevent Medusa ransomware victimization, the FBI and CISA recommend the following:
- Keep Systems Updated: Regularly patch operating systems and keep all devices up to date to address known vulnerabilities.
- Enable Multi-Factor Authentication (MFA): Enable MFA for services such as email and Virtual Private Networks (VPNs) to add an extra layer of security.
- Use Strong Passwords: Use strong, unique passwords, and avoid frequent password changes, which can weaken security.
- Be Cautious with Communications: Treat unexpected emails or messages with caution, especially those containing links or attachments, to steer clear of phishing attacks.
Android & iPhone devices are also targeted, but not by Medusa
In addition to the Medusa menace, the FBI has also seen a dramatic spike in “smishing” attacks on iPhones and Android devices. These attacks target unsuspecting users by making false claims over SMS in a bid to steal personal and financial details. Cybercriminals have registered over 10,000 domains to fuel such attacks, with a fourfold rise since January 2025, providing fertile ground for fraud and identity theft.
The expanding ransomware operations by groups like Medusa underscore the pressing need for robust cybersecurity procedures. To protect yourself against these evolving threats, you must be vigilant, keep your systems up to date, and follow recommended security practices.