In June 2021, a new ransomware reared its ugly head. By last month, Medusa had impacted over 300 victims across a wide swath of industries from medical to legal, technology to manufacturing.

 

This “ransomware-as-a-service provider” demon started being controlled by a single group of threat actors but has expanded into an affiliate model, meaning a whole network of attackers spread out and use a double extortion model that experts say, “encrypts victim data and threatens to publicly release exfiltrated data if the ransom is not paid.” Victims are given 48 hours to respond by chat or instant messaging followed by email or phone. They are also provided with a link to the affiliate’s crypto wallet where they can see a countdown of their time remaining and alerts advertising their data that parties can bid on or buy. Pretty terrible.

 

The FBI and other cybersecurity agencies are tracking Medusa and developing a plan to counter their attacks, but in the meantime, they recommend implementing a number of actions to protect businesses (as well as individuals) from this type of attack:

 

1. Update all operating systems, software, and firmware.
2. Implement multi-factor authentication for all systems and virtual private networks.
3. Segment networks to minimize the spread of ransomware.
4. Install software that monitors and logs unusual network traffic.
5. Back up critical data or proprietary material and save it somewhere physically separate from your network (like a hard drive or in the cloud).

 

As always set a good example and encourage employees, colleagues, and family members who share a network to be good stewards of data—even if doing so take a little extra time and effort.