
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 751 of 2,445   
   Mike Powell to All   
   US warns Medusa ransomwar   
   14 Mar 25 18:31:00   
   
   TZUTC: -0500   
   MSGID: 466.consprcy@1:2320/105 2c39f451   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   US government warns Medusa ransomware has hit hundreds of critical   
   infrastructure targets   
      
   Date:   
   Fri, 14 Mar 2025 14:03:00 +0000   
      
   Description:   
   Medusa ransomware has been around since 2021, targeting more than 300    
   critical infrastructure firms, CISA warns.   
      
   FULL STORY   
   ======================================================================   
    - FBI, CISA, and MS-ISAC publish new report on Medusa ransomware   
    - They claim the group struck hundreds of critical infrastructure firms   
    - Agencies share advice on how to stay safe   
      
   Hundreds of critical infrastructure targets have fallen victim to Medusa   
   ransomware over the last four years, a new US government report has warned,   
   urging organizations to apply known mitigations and minimize the risk of an   
   attack.    
      
   The Federal Bureau of Investigation, the US Cybersecurity and Infrastructure   
   Security Agency (CISA), and the Multi-State Information Sharing and Analysis   
   Center (MS-ISAC) have issued a joint report saying more than 300
   organizations in the critical infrastructure sector have already fallen prey   
   to the infamous group.   
      
   "As of February 2025, Medusa developers and affiliates have impacted over 300   
   victims from a variety of critical infrastructure sectors with affected   
   industries including medical, education, legal, insurance, technology, and   
   manufacturing," the report says. "FBI, CISA, and MS-ISAC encourage   
   organizations to implement the recommendations in the Mitigations section of   
   this advisory to reduce the likelihood and impact of Medusa ransomware   
   incidents."    
      
   The recommendations include mitigating known vulnerabilities and making sure   
   operating systems, software, and firmware are patched on time, segmenting   
   networks to hinder attempts at lateral movement, and filtering network    
   traffic by blocking access from untrusted origins.    
      
   Medusa first emerged in 2021, but since it was originally intended to be a   
   closed ransomware variant, its success was somewhat limited. A few years   
   later, the operation evolved into a Ransomware-as-a-Service (RaaS) with an   
   affiliate model, which propelled it into one of the most dangerous variants   
   out there.    
      
   "Medusa developers typically recruit initial access brokers (IABs) in   
   cybercriminal forums and marketplaces to obtain initial access to potential   
   victims," the report claims. "Potential payments between $100 USD and $1   
   million USD are offered to these affiliates with the opportunity to work   
   exclusively for Medusa."    
      
   Some of the more notable victims include the Minneapolis Public School   
   District, which suffered a significant breach resulting in the exposure of   
   sensitive information such as psychological reports and abuse allegations.   
   Other affected sectors encompass healthcare, manufacturing, technology,    
   legal, insurance, and education industries.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/us-government-warns-medusa-ransomware-has-hit-hundreds-of-critical-infrastructure-targets
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca