CyberSecurityBoard
Sponsor Register Login

CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware | The Record from Recorded Future News

“FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the ‘true decryptor’ — potentially indicating a triple extortion scheme,” the advisory said. An advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on Wednesday said the group and its affiliates have attacked organizations in the medical, education, legal, insurance, technology and manufacturing industries. The group’s affiliates have been seen exploiting CVE-2024-1709 — a controversial vulnerability impacting the popular ScreenConnect remote access tool — as well as CVE-2023-48788, which affects products from security company Fortinet. In addition to attacks on the Pacific island nation of Tonga, it has targeted municipalities in France and government agencies in the Philippines as well as a technology company created by two of Canada’s largest banks. The Medusa ransomware gang has attacked over 300 victims in critical infrastructure sectors, according to U.S. cybersecurity agencies. Medusa — which the FBI said is not the same as the MedusaLocker variant and the Medusa mobile malware variant — initially started as a closed group operated by developers and hackers before expanding to an affiliate model. Medusa drew attention in 2023 for an attack on Minneapolis Public Schools, which exposed troves of sensitive student documents impacting more than 100,000 people. But one of the group’s most recent claims of an attack on the city of Aurora, Colorado was disputed by local officials in comments to Recorded Future News. The ransomware-as-a-service group emerged in June 2021 and continues to cause havoc through relatively basic attacks that start with phishing and exploiting unpatched vulnerabilities. “Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the agencies said.

This Cyber News was published on therecord.media. Publication date: Wed, 12 Mar 2025 20:10:11 +0000


Cyber News related to CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware | The Record from Recorded Future News

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 weeks ago Cybersecuritynews.com
CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware | The Record from Recorded Future News - “FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the ...
4 hours ago Therecord.media CVE-2024-1709 Medusa
CISA: Medusa ransomware hit over 300 critical infrastructure orgs - Last month, CISA and the FBI issued another joint alert warning that victims from multiple industry sectors across over 70 countries, including critical infrastructure, have been breached in Ghost ransomware attacks. "As of February 2025, ...
5 hours ago Bleepingcomputer.com Medusa
Medusa Ransomware Attacks Grown By 42% With New Tools & Techniques - Following the pattern of most modern ransomware operators, Spearwing and its affiliates implement double extortion attacks, first stealing victims’ data before encrypting networks to increase pressure on victims to pay ransoms. In almost all ...
2 days ago Cybersecuritynews.com LockBit Medusa
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
5 months ago Cyberdefensemagazine.com Akira
300 Strikes: Fort Worth's Battle Against the Medusa Gang - In the wake of a cyberattack on Tarrant County Appraisal District in March, the Medusa ransomware gang has claimed responsibility for the hack and has threatened the public with the threat of leaking 218 GB of the stolen data unless the ransom of ...
10 months ago Cysecurity.news Medusa
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Medusa Ransomware Unleashes New Tactics: Data Sale, Time Extension, and AI Threats - In the ever-evolving landscape of cyber threats, Medusa Ransomware has taken a bold step by launching a dedicated blog to publish victim details, offering a chilling one-click data sale for $10,000. This notorious group, distinct from Medusa Locker ...
1 year ago Cybersecurity-insiders.com Medusa
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
5 months ago Therecord.media
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
CVE-2019-5303 - There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing ...
1 year ago
CVE-2019-5302 - There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing ...
1 year ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
9 months ago Securityaffairs.com
CISA says it will continue to monitor Russian cyber threats | The Record from Recorded Future News - Both The Guardian and Washington Post bolstered the claims about CISA by saying a recent speech on critical infrastructure cyber threats by a senior State Department official did not mention Russia. The story emerged on Friday around the same time as ...
1 week ago Therecord.media
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
9 months ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity - The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. CISA is not responsible ...
1 year ago Darkreading.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
9 months ago Cisa.gov
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
2 years ago Securityweek.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Non-mobile malware statistics, Q1 2024 - More than 83,000 users experienced ransomware attacks, with 20% of all victims published on ransomware gangs' DLSs hit by LockBit. In Q1, Kaspersky solutions protected 83,270 unique users from ransomware Trojan attacks. Number of unique users ...
9 months ago Securelist.com LockBit

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)