Authorities in the USA have issued a warning about ransomware attackers targeting users of popular email services like Gmail, Outlook, and others, who have seized data from hundreds of users.

The FBI has alerted about ransom scammers running phishing campaigns through email services.

This type of ransomware known as “Medusa” was first detected in June 2021. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a warning about this threat on March 12th. As of February 2025, these cyber attacks have affected over 300 victims. According to the FBI and CISA, Medusa developers work with intermediaries who gain access to the device to carry out data breaches, and they pay these individuals between $100 to $1 million.

Attackers conduct phishing campaigns and exploit unpatched software vulnerabilities to reach their targets.

THE GROUP OPERATING THE RANSOMWARE IDENTIFIED AS SPEARWING

According to a blog post published by cybersecurity software brand Symantec on March 6th, the group operating the Medusa ransomware was identified as Spearwing. The warning stated: “Like most ransomware groups, Spearwing and its affiliates conduct double extortion attacks. After stealing victims’ data, they encrypt their networks to increase the pressure for ransom payment. If victims refuse to pay the ransom, the group threatens to publish the stolen data on its leaked site.” According to Symantec, Spearwing has targeted hundreds of individuals since the beginning of 2023. The group’s data leak site includes approximately 400 victims, but it is believed that the actual number is much higher.

RANSOM DEMANDS REACH UP TO $15 MILLION

The demands for ransom with the Medusa ransomware by Spearwing range from $100,000 to $15 million.

The group, besides gaining access to the networks of their targets, also seizes legal accounts such as healthcare institutions for malicious activities.

WAYS TO PROTECT AGAINST MEDUSA

The FBI and CISA recommend the following measures to protect against Medusa ransomware:

• Backup plan: Store sensitive and critical data separately in a secure location. Use external hard drives, storage devices, and cloud services.

• Mandatory passwords on all accounts: Employees should use long and regularly changed passwords.

• Two-factor authentication: Use MFA, especially for web email services, Virtual Private Networks (VPN), and accounts with access to critical systems.

• Keep all operating systems, software, and device software up to date.

• Segment networks to prevent the spread of ransomware.

• Use a network monitoring tool to detect and track suspicious activities.

• Use only VPN or secure access points for remote access.

• Monitor unauthorized scanning and access attempts.

• Filter network traffic and block access to internal systems from unknown or untrusted sources.

• Close unused ports.

• Create offline backups of data and regularly backup and restore.

• Ensure all backup data is encrypted and immutable.