FBI warns of possible Outlook, Gmail cyberattacks

The FBI is warning users of popular email services such as Outlook and Gmail that they could be subject to cyberattacks by ransomware called Medusa, which has impacted more than 300 victims from a number of sectors, including technology, legal, medical and manufacturing.
Medusa, a ransomware-as-a-service that was first identified in June, was spotted as recently as last month, according to an advisory released last week by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
“Both Medusa developers and affiliates—referred to as 'Medusa actors' in this advisory—employ a double extortion model, where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid,” the agencies said in the March 12 advisory.
Medusa developers normally recruit initial access brokers in marketplaces and cybercriminal forums, paying them between $100,000 and $1 million with an opportunity to work solely for a hacking organization. Those brokers are known to use common techniques like phishing campaigns and exploiting unpatched software vulnerabilities, according to the advisory.
“The ransom note demands victims make contact within 48 hours via either a Tor browser-based live chat, or via Tox, an end-to-end encrypted instant-messaging platform,” the agencies wrote. “If the victim does not respond to the ransom note, Medusa actors will reach out to them directly by phone or email.”
A victim was extorted three times in one case, according to an FBI investigation. The victim was contacted by another Medusa actor who contended that the main hacker stole the ransom amount and asked for another payment.
The FBI, CISA and MS-ISAC outlined some steps users can take to protect themselves from Medusa ransomware.
Users should protect all accounts with passwords, ideally having longer passcodes that are changed often. Multifactor authentication should be in place.
Copies of sensitive data should be kept for recovery on hard drives, storage devices and the cloud. Users should also have offline backups of data that ideally are encrypted. The operating systems of devices should be up to date.
If users open phishing links or attachments, they should not simply ignore the step, according to Ryan Kalember, the chief strategy officer at security firm Proofpoint.
“That is often the first reaction, and it is not ideal,” he told The Washington Post. “When you fall for something, the attacker still has some window of time where they have to figure out what they’ve just got and whether it’s even worth taking advantage of.”