FBI warns of cyberattack risk from Medusa ransomware. (Source: Getty Images)

The US Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about the risk of attacks from the Medusa ransomware, a dangerous cyberattack software that has been active since 2021.

Medusa is a “ransomware-as-a-service” malware that uses phishing to steal victims’ login credentials, according to a warning posted this week by US officials. Hundreds of organizations and individuals have been targeted by Medusa in recent times.

CISA said Medusa operates using a “double extortion” model, which means it encrypts a victim’s data and then threatens to release it if a ransom is not paid. The cybercriminal group behind Medusa operates a website that posts information about victims, with a countdown timer that will release the data if a ransom is not paid.

The FBI and CISA recommend safeguards that include enabling multi-factor authentication for email and other critical services; updating operating systems, software, and other computer programs to patch security vulnerabilities; and using strong passwords and avoiding frequent password changes to help protect against security threats.

According to CISA, since February alone, Medusa's development teams and partners have attacked more than 300 organizations across a wide range of industries, including healthcare, education, legal, insurance, technology, and manufacturing.