
The U.S. government warns that the Medusa ransomware has affected hundreds of critical infrastructure targets.
A report from CISA reveals the modus operandi of the Medusa ransomware.
A joint advisory from the FBI, CISA, and MS-ISAC warns about the impact of Medusa ransomware, which has hit hundreds of organizations in critical infrastructure sectors over the past four years. As of February 2025, more than 300 organizations are estimated to have fallen victim to the group, whose targets span the medical, education, legal, insurance, technology, and manufacturing sectors.
The advisory notes that since Medusa first appeared, its developers and affiliates have caused significant damage in several essential sectors, and it urges organizations to apply the measures in its Mitigations section to reduce the risk of future attacks. Those measures include remediating known exploited vulnerabilities, keeping operating systems, software, and firmware patched, segmenting networks to limit lateral movement, and filtering network traffic so that untrusted origins cannot reach remote services on internal systems.
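Segmentation and traffic filtering only help if they are actually enforced, so a practitioner will want a way to check. The following Python script is an added example, not part of the advisory or of this article: it audits constructed flow-log lines against a hypothetical address plan and flags the connections a segmented, filtered network should block (SMB or RDP between workstations, remote-administration ports reached from anywhere but a jump subnet, and Internet sources reaching RDP). The subnets, ports, and log format are assumptions and must be adapted to the real environment.

```python
"""Audit flow logs for east-west connections that a segmented network should
block. Constructed example; not from the CISA advisory or the article."""
import ipaddress
from typing import Dict, List, Tuple

# Hypothetical address plan (assumption): replace with the real one before use.
WORKSTATION_NETS = [ipaddress.ip_network("10.10.0.0/16")]
SERVER_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ADMIN_JUMP_NET = ipaddress.ip_network("10.99.0.0/24")
INTERNAL_NETS = WORKSTATION_NETS + SERVER_NETS + [ADMIN_JUMP_NET]

# Ports a workstation has no business reaching on another workstation.
PEER_LATERAL_PORTS = {135, 445, 3389, 5985, 5986}
# Remote-administration ports that should only be reached from the jump subnet.
ADMIN_PORTS = {3389, 5985, 5986}


def _in_any(ip, nets) -> bool:
    """True if the address falls inside any of the given networks."""
    return any(ip in net for net in nets)


def classify(src: str, dst: str, dport: int) -> str:
    """Verdict for one inbound flow under the segmentation policy above."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not _in_any(d, INTERNAL_NETS):
        return "allow"  # outbound traffic is out of scope for this check
    if not _in_any(s, INTERNAL_NETS):
        # An untrusted origin reaching an admin/file port means perimeter filtering failed.
        return "untrusted-source" if dport in PEER_LATERAL_PORTS else "allow"
    if s in ADMIN_JUMP_NET:
        return "allow"  # the jump subnet is the sanctioned administrative path
    if _in_any(s, WORKSTATION_NETS) and _in_any(d, WORKSTATION_NETS):
        if dport in PEER_LATERAL_PORTS:
            return "workstation-to-workstation"
    if _in_any(s, WORKSTATION_NETS) and _in_any(d, SERVER_NETS):
        if dport in ADMIN_PORTS:
            return "workstation-to-server-admin"
    return "allow"


def parse_flow(line: str) -> Dict[str, object]:
    """Constructed flow format: '<timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def audit(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, verdict) for every flow the policy would not allow."""
    findings = []
    for line in lines:
        f = parse_flow(line)
        verdict = classify(f["src"], f["dst"], f["dport"])
        if verdict != "allow":
            findings.append((line, verdict))
    return findings


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    "2025-03-12T10:00:01Z 10.10.4.21 10.10.7.9 3389 tcp",   # RDP between workstations
    "2025-03-12T10:00:05Z 10.99.0.10 10.20.1.5 3389 tcp",   # jump host to server: fine
    "2025-03-12T10:00:09Z 10.10.4.21 10.20.1.5 445 tcp",    # file-share access: fine
    "2025-03-12T10:00:12Z 10.10.4.21 10.10.4.22 445 tcp",   # SMB between workstations
    "2025-03-12T10:00:20Z 203.0.113.7 10.20.1.5 3389 tcp",  # Internet source to RDP
    "2025-03-12T10:00:25Z 10.10.4.21 10.20.1.5 5985 tcp",   # WinRM from a workstation
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:32} {line}")
```

Running the script against the constructed flows reports four findings; the jump-host RDP session and the workstation's SMB access to a file server are allowed because they match the sanctioned paths. The same logic can be pointed at real firewall or NetFlow exports once the address plan and port lists reflect the environment.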
Medusa was first identified in June 2021, initially as a closed ransomware variant whose development and operations were handled by a single group. It has since moved to a Ransomware-as-a-Service (RaaS) affiliate model, although the advisory notes that key operations such as ransom negotiation remain centrally controlled by the developers. According to the report, the developers recruit initial access brokers on cybercriminal forums and marketplaces to obtain access to potential victims, offering payments ranging from $100 to $1 million, with the opportunity to work exclusively for Medusa. The advisory also cautions that this Medusa is distinct from the MedusaLocker ransomware and from the Medusa mobile malware variant, which share the name but not the operators.
Among the most notable cases is that of the Minneapolis Public School District, which suffered a significant breach that exposed sensitive information, including psychological reports and allegations of abuse. The advisory confirms that the same pattern has been repeated across the healthcare, manufacturing, technology, legal, insurance, and education sectors.