Medusa Ransomware Hits 300+ Critical Infrastructure Organizations Worldwide


The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory on the Medusa ransomware, a ransomware-as-a-service (RaaS) variant that has been active since June 2021.

As of February 2025, Medusa has impacted over 300 victims across critical infrastructure sectors, including healthcare, education, legal services, insurance, technology, and manufacturing.

Unlike other ransomware variants such as MedusaLocker or Medusa mobile malware, the Medusa ransomware employs a double extortion model.

This approach involves encrypting victim data while simultaneously threatening to release stolen information unless a ransom is paid.

Medusa operates using an affiliate model where developers and affiliates collaborate to execute attacks.

The developers maintain centralized control over key operations like ransom negotiations.

Affiliates are often recruited via cybercriminal forums and marketplaces, with payments ranging from $100 to $1 million for initial access to victim systems.

Techniques ...


Copyright of this story solely belongs to gbhackers.