Medusa Ransomware Targets Over 200 Gmail Users

The FBI has lately issued warnings about some of the most advanced ransomware attacks ever against Gmail users, as well as a deadly ransomware campaign from so-called Ghost attackers and strange ransomware attack threats from the USPS. As the Medusa ransomware gang continues its operations, a recently released FBI industry notice has combined prior recommendations for consumers to utilise two-factor authentication to prevent such attacks into a single piece of advice. According to the FBI, make sure that 2FA is enabled for VPNs and webmail services like Gmail and Outlook. And turn it on right away.

Since the campaign was first noticed in June 2021, Medusa, a highly dangerous ransomware-as-a-service provider, has affected at least 300 victims from the critical infrastructure sector. During attacks, Medusa is known to use both social engineering and unpatched software vulnerability exploitation. Intelligence agencies have been able to compile a dossier of the threat actors’ strategies, techniques, and processes, as well as indicators of compromise and detection measures, thanks to FBI investigations conducted as recently as February.

Ransomware as a service is still very much in use today. According to the FBI, the following steps should be taken immediately, by all companies to lessen the impact of the Medusa ransomware assault campaigns

If at all feasible, require two-factor authorisation for all services, but especially for webmail (such as Gmail, Outlook, and others), virtual private networks, and accounts that have access to vital systems.

All password-protected accounts should have lengthy passwords, and frequent password changes should be discouraged as they might compromise security.

Update all firmware, software, and operating systems. Give fixing known exploited vulnerabilities in systems that are accessible via the internet first priority.

Use a networking monitoring tool to find, identify, and look at unusual activities and possible ransomware traversal.

Filter network traffic by blocking access to distant services on internal systems from unidentified or untrusted sources.

Configure access controls based on the least privilege principle and audit user accounts with administrative privileges.

Turn off scripting and command-line operations and permissions.

According to FBI  special agent in charge Mark Michalek, “educating people to avoid falling victim to these fraudsters in the first place is the best way to thwart these fraudsters.”  The greatest recommendation in this case is to only utilize tools from reliable websites and providers.