The FBI and the US Cybersecurity and Infrastructure Security Agency are urging users of email services including Gmail and Outlook to protect themselves from Medusa. The agencies say attackers using the ransomware variant have hit hundreds of companies across multiple industries, including critical infrastructure, using phishing techniques and exploiting software vulnerabilities to steal data, USA Today reports. According to security software firm Symantec, attacks involving Medusa are rising sharply, with hackers demanding ransoms anywhere between $100,000 and $15 million. CISA says its cybersecurity advisory is part of its ongoing Stop Ransomware campaign.
- Spearwing. In a blog post earlier this month, Symantec said a group called Spearwing is behind the attacks. "Like the majority of ransomware operators, Spearwing and its affiliates carry out double extortion attacks, stealing victims' data before encrypting networks in order to increase the pressure on victims to pay a ransom," Symantec said. "If victims refuse to pay, the group threatens to publish the stolen data on their data leaks site."