In mid-March 2025, the Cybersecurity and Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced that the Medusa cybercrime group specializes in organizing cyberattacks using data encryption malware to extort money (ransomware). The victims of this group are agencies, organizations, businesses, hospitals and schools.

The group conducts sophisticated cyberattacks, exploiting vulnerabilities and penetrating networks or computers, encrypting data and holding victims to ransom. Ransoms can run into the millions of dollars. The group's list of more than 400 victims includes Toyota Financial Services, part of the Toyota Group, which was held for ransom in November 2023.

Security researchers at Kaspersky have pointed out the activities of the Medusa ransomware in 2023. According to Kaspersky's recommendations for businesses, the steps to check include:

• Test and secure remote control services (Remote Desktop).
• Regularly check and update patches for virtual private network (VPN) services that provide employee access to the corporate network.
• Update the latest software on your device.
• Back up important data.
• Enhance security with solutions like Kaspersky Endpoint Detection & Response to detect attacks early.

For individual users, the FBI recommends increasing protection for Gmail and Outlook accounts, as well as VPN services in use.

• Back up your data in multiple copies, in separate and safe locations.
• Update Windows operating system and software in use.
• Use security monitoring and tracking tools for devices and networks to detect intrusions.

Nearly 1 million Windows computers were targeted

Microsoft has warned that millions of Windows computers are the target of a cyberattack when infected with malware from pirated movie sites. According to Microsoft, when accessing pirated movie websites, users' computers can be redirected to download malware that cybercriminals 'borrow' from Github as a storage place.

The attack is divided into four stages and is quite sophisticated, and parts of the malware are hosted on multiple websites including Discord and Dropbox. Important data is asked, even data stored in the Microsoft OneDrive cloud. The malware also probes whether the user's computer contains financial information in cryptocurrency wallets such as Ledger Live, Trezor Suite, KeepKey, BCVault, OneKey and BitBox.

According to Mr. Ngo Tran Vu, Director of NTS Security, "Most individual users and small businesses are still negligent in the face of digital threats. They often have the habit of accessing online movie viewing websites for entertainment right on their Windows computers, which contain a lot of important data. Business data, management account information... are only superficially or incompletely managed, causing these subjects to often suffer heavy damage and be difficult to recover when incidents such as ransomware attacks occur."

"With increasingly diverse threats surrounding users, using a comprehensive protection solution is the right solution, helping users to be safer, even with risks that they do not know or remember" - Mr. Vu shared.