Excerpt from USA Today Article, Published on Mar 17, 2025.
The FBI has issued a high-priority warning to Gmail and Outlook users about the increasing threat of Medusa ransomware, a malicious cyberattack that has breached hundreds of victims’ data. The ransomware, first identified in June 2021, has become a growing concern, targeting individuals and businesses using Gmail, Outlook, and other popular email services. The FBI, alongside the Cybersecurity and Infrastructure Security Agency (CISA), revealed that Medusa ransomware attacks have impacted over 300 victims as of February 2025.
According to the FBI, cybercriminals behind Medusa ransomware use phishing emails to infiltrate Gmail and Outlook accounts. These hackers exploit unpatched software vulnerabilities and gain access to sensitive information, targeting industries such as healthcare, education, insurance, and technology. The FBI reports that these criminals, linked to a group called Spearwing, recruit access brokers who sell compromised credentials, sometimes for amounts ranging from $100 to $1 million. Spearwing is known for double extortion tactics, where they steal data before encrypting networks, pressuring victims into paying massive ransoms. If victims refuse, the attackers threaten to publish stolen information. The FBI has found that ransoms range from $100,000 to $15 million, making Medusa ransomware one of the most financially damaging threats for Gmail and Outlook users.
To combat the rising threat, the FBI is urging Gmail and Outlook users to implement strict cybersecurity measures. Recommendations include enabling multi factor authentication, regularly updating software, segmenting networks, and monitoring for unusual activity. The FBI also advises Gmail and Outlook users to be cautious of phishing emails and avoid clicking on suspicious links. With Medusa ransomware attacks on the rise, the FBI’s warning serves as a crucial reminder for Gmail and Outlook users to stay vigilant. Strengthening cybersecurity defenses can prevent these attacks, safeguarding personal and business data from falling into the hands of cybercriminals.
To delve deeper into this topic, please read the full article USA Today.
