Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Watch out! Medusa ransomware running rampant - Anyone wanna guess where the Medusa gang is based out of?
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are urging users of popular email services like Gmail and Outlook to be on the lookout for a dangerous and potentially costly ransomware scheme.
A bulletin released this week detailed a warning for the Medusa ransomware gang, a group that’s been active since 2021.
“While Medusa has since progressed to using an affiliate model, important operations such as ransom negotiation are still centrally controlled by the developers,” the advisory said. “Both Medusa developers and affiliates — referred to as ‘Medusa actors’ in this advisory — employ a double extortion model, where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid.”
As of February 2025, the ransomware attack has impacted more than 300 victims in the medical, education, legal, insurance, technology and manufacturing fields. The group uses phishing campaigns – bogus emails that prompt users to click links or provide personal information – as well as exploitation of unpatched software vulnerabilities. It then takes the computer or information “hostage” until a ransom is paid.
https://www.al.com/news/2025/03/fbi-issues-warning-to-all-gmail-outlook-email-users.html
A bulletin released this week detailed a warning for the Medusa ransomware gang, a group that’s been active since 2021.
“While Medusa has since progressed to using an affiliate model, important operations such as ransom negotiation are still centrally controlled by the developers,” the advisory said. “Both Medusa developers and affiliates — referred to as ‘Medusa actors’ in this advisory — employ a double extortion model, where they encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid.”
As of February 2025, the ransomware attack has impacted more than 300 victims in the medical, education, legal, insurance, technology and manufacturing fields. The group uses phishing campaigns – bogus emails that prompt users to click links or provide personal information – as well as exploitation of unpatched software vulnerabilities. It then takes the computer or information “hostage” until a ransom is paid.
https://www.al.com/news/2025/03/fbi-issues-warning-to-all-gmail-outlook-email-users.html
Cyjax: Telltale signs that the Medusa Ransomware group are Russian affiliated
“Although we cannot be certain that this is a Russian hacking operation, the fact is that the group posts updates on Russian language cybercrime forums and that there is a prohibition from targeting organisation within the Russian geopolitical sphere of influence through the commonwealth of independent states is a strong indicator of the groups likely origins and allegiance. This particular group works hard to preserve its relationship with the Kremlin – enjoying for a moment a certain level of tolerance. This ‘if it’s bad for the west, it’s good for us’ Russian foreign policy objective is amplified by them and other ransomware organisations.”
https://www.globalsecuritymag.com/cyjax-telltale-signs-that-the-medusa-ransomware-group-are-russian-affiliated.html
“Although we cannot be certain that this is a Russian hacking operation, the fact is that the group posts updates on Russian language cybercrime forums and that there is a prohibition from targeting organisation within the Russian geopolitical sphere of influence through the commonwealth of independent states is a strong indicator of the groups likely origins and allegiance. This particular group works hard to preserve its relationship with the Kremlin – enjoying for a moment a certain level of tolerance. This ‘if it’s bad for the west, it’s good for us’ Russian foreign policy objective is amplified by them and other ransomware organisations.”
https://www.globalsecuritymag.com/cyjax-telltale-signs-that-the-medusa-ransomware-group-are-russian-affiliated.html
Trump Administration Halts Cybersecurity Operations That Guarded U.S. from Russian Cyberattacks
https://democraticunderground.com/100220096679
https://democraticunderground.com/100220096679
At what point does the Trump administration become accessories to the hacking?
5 replies
= new reply since forum marked as read
= new reply since forum marked as read
