
Attack Update—FBI Warns Email And VPN Users Activate 2FA Now


FBI And CISA Issue Medusa Ransomware Industry Joint Alert

Medusa is a well-known, and seemingly commonly deployed, ransomware-as-a-service provider. Ransomware as a what? Sadly, just like many other criminal activities such as phishing attacks and infostealer campaigns, ransomware threats can effectively be rented out to anyone who is willing to pay the fee. No great technical skill is required, no genius coder to recruit, and no criminal masterminds are needed. Just the money and malicious will to attack innocent parties for profit.

FBI Warning: Enable 2FA Now

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency recently issued a joint advisory warning that two-factor authentication needed to be activated for all webmail and VPN accounts as a matter of urgency. That public alert came in the wake of ongoing attacks using Medusa malware, a dangerous ransomware-as-a-service platform enabling cybercriminals to carry out highly effective campaigns against enterprises.

Senior Counter Threat Researcher Confirms FBI Concerns Over Medusa

Although Medusa was viewed as a more minor, lower-profile ransomware operation when it was first seen in June 2021, everything changed in 2023 when the cybercrime group opened a dedicated leak site. Every month since then, new victims have been added to the site. “Currently, the total number of victims listed stands at 410,” Tim Mitchell, a senior researcher at the Secureworks Counter Threat Unit, said, “with February 2025 accounting for the highest number of victims listed in a month at 34.” As Mitchell went on to explain, however, leak site listings only present part of the ransomware story, providing a partial view of victim numbers.

New Report Carries On Where The FBI Left Off

Elastic Security Labs has been monitoring a financially motivated threat campaign that deployed the Medusa ransomware in question using a HeartCrypt-packed loader. “This loader was deployed alongside a revoked certificate-signed driver from a Chinese vendor we named Abyssworker,” Cyril François, a senior malware research engineer with the Elastic Security Labs Team, said, “which it installs on the victim machine and then uses to target and silence different endpoint detection and response vendors.” This methodology has become known as a bring-your-own-vulnerable-driver attack and is designed to disable security protections.

Not Just FBI Warnings As Another Ransomware-As-A-Service Threat Emerges

Medusa isn’t the only ransomware-as-a-service that enterprises need to worry about. Hellcat is also making a name for itself, according to a warning from Nick Tausek, lead security automation architect at Swimlane, who told me that it’s a “pretty polished ransomware-as-a-service operator, with an established dark web presence and recruiting operations.”

Conclusion

It is clear that the Medusa ransomware-as-a-service is a significant threat to enterprises and individuals alike. The FBI and other cybersecurity experts have warned of its dangers, and it is crucial that all organizations take steps to protect themselves against this type of attack. This includes enabling two-factor authentication, keeping software up to date, and being cautious when opening emails and attachments from unknown senders.

FAQs

Q: What is Medusa ransomware-as-a-service?
A: Medusa is a well-known, and seemingly commonly deployed, ransomware-as-a-service provider.

Q: What is the FBI warning about Medusa?
A: The FBI has issued a warning about Medusa, stating that it is a significant threat to enterprises and individuals, and that all organizations should take steps to protect themselves against this type of attack.

Q: What is the best way to protect against Medusa attacks?
A: The best way to protect against Medusa attacks is to enable two-factor authentication, keep software up to date, and be cautious when opening emails and attachments from unknown senders.

Q: Is Medusa the only ransomware-as-a-service threat?
A: No, there are other ransomware-as-a-service threats, such as Hellcat, that enterprises should be aware of and take steps to protect against.
