FBI: A Simple Email Could Make You a Target for Extortion

The ransomware software called Medusa has launched attacks on hundreds of people since 2021, using phishing campaigns as its main method for stealing victims’ credentials, according to federal officials.

(TNS) — A new warning from federal officials cautions users to beware of a dangerous ransomware scheme that can attack your computer systems via a simple email.

The ransomware software called Medusa has launched attacks on hundreds of people since 2021, using phishing campaigns as its main method for stealing victims’ credentials, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency said in a recent joint warning.

Links included in the emails allow the ransomware to access a computer system, taking it hostage.

Federal officials recommend patching operating systems, software and firmware, in addition to using multifactor authentication for all services such as email and VPNs.

Experts also recommended using long passwords, and warned against frequently recurring password changes because they can weaken security.

Medusa developers and affiliates — called “Medusa actors” — use a double extortion model, the advisory said. They encrypt a victim’s data and threaten to publicly release it if a ransom is not paid.

Medusa operates a data-leak site that shows victims alongside countdowns to the release of information.

“Ransom demands are posted on the site, with direct hyperlinks to Medusa affiliated cryptocurrency wallets,” the agencies said. “At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.”

FBI investigators found that Medusa actors, on at least one occasion, conducted what amounts to a “triple extortion scheme.”

After paying a ransom, the victim is contacted by a separate Medusa actor claiming that the ransom amount had been stolen and demanding half of the payment be made again to obtain the “true decryptor.”

Since February, Medusa developers and affiliates have hit more than 300 victims across industries, including the medical, education, legal, insurance, technology and manufacturing sectors, federal officials said.

More #StopRansomware advisories are available at stopransomware.gov, including information on other ransomware threats and no-cost resources.

© 2025 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.