Feds: Medusa RaaS Gang Conducts Widespread Targeting Of US Critical Infrastructure

More than 300 organizations in U.S. critical infrastructure industries were disclosed by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) to have been compromised by the Medusa Ransomware-as-a-Service operation as of February, BleepingComputer reports.

Attacks by Medusa — which emerged in January 2021, but only gained notoriety after breaching Minneapolis Public Schools over two years later — involved the enlistment of initial access brokers who are paid $100 to $1 million to facilitate initial network compromise, noted the agencies in a joint cybersecurity advisory.

U.S. organizations have been urged to defend themselves from Medusa ransomware attacks by ensuring up-to-date software, firmware, and systems, implementing network segmentation, and applying network traffic filters. This recent alert comes nearly a month after the FBI and CISA warned of Ghost ransomware intrusions that have targeted organizations in various sectors across more than 70 countries.