The FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center have disclosed that the Medusa ransomware-as-a-service operation had compromised more than 300 organizations in U.S. critical infrastructure industries, including manufacturing, healthcare, education, insurance, technology, and legal, as of February, BleepingComputer reports.

Attacks by Medusa, which emerged in January 2021 but only gained notoriety after breaching Minneapolis Public Schools over two years later, involved enlisting initial access brokers, who are paid $100 to $1 million to facilitate initial network compromise, the agencies noted in a joint cybersecurity advisory.

U.S. organizations have been urged to defend against Medusa ransomware attacks by keeping software, firmware, and systems up to date, implementing network segmentation, and applying network traffic filters.

The alert comes nearly a month after the FBI and CISA warned of Ghost ransomware intrusions that have targeted organizations in various sectors across more than 70 countries.