Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

The Medusa ransomware operation, active since June 2021, has impacted over 300 critical infrastructure organizations in the United States. The FBI, CISA, and MS-ISAC issued a joint advisory detailing Medusa’s tactics, including initial access through phishing and exploiting vulnerabilities, and its double extortion model. The advisory also highlights potential triple extortion schemes, where victims are contacted by a separate actor after paying the initial ransom.
