Gmail users are at risk from the Medusa ransomware(Image: Carlos Alvarez via Getty Images)

FBI send urgent warning to Gmail and Outlook users over vicious cyberattack threat

by · Wales Online

The FBI has sounded the alarm for Gmail and Microsoft Outlook users over a perilous program known as Medusa ransomware, as it increasingly takes data hostage. Having ensnared over 300 confirmed victims from "critical infrastructure sectors," which incorporate hospitals, schools, and significant businesses, Medusa ransomware deploys phishing scams to prey on vulnerable software.

Recently, authorities from the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) released a statement explaining how Medusa deceives individuals using counterfeit emails or websites into granting access to sensitive information. Once the cybercriminals gain entry, they lock up all crucial files and create duplicates.

Subsequently, the culprits extort a hefty ransom, demanding amounts ranging from $100,000 to an astronomical $15 million (£77,000 to £11.5m), alongside the menacing threat of publicly disclosing potentially humiliating data, reports the Mirror US.

Protect yourself from Medusa

Gmail users are strongly advised by officials to implement two-factor authentication immediately, bolstering security through a verification code sent via text prior to accessing their inbox. Both businesses and private individuals should ensure that their operating systems are fortified with the latest security enhancements.

In addition to these precautions, consider eliminating sensitive photographs currently residing within your Gmail and opt for physical prints of documents vulnerable to confiscation, as recommended by the FBI. Users are also being urged to maintain an active spam filter at all times to prevent phishing emails from reaching their inbox.

They are also advised to delete any suspicious emails containing redirect links, as clicking on these could give hackers access to your computer.

Advice for businesses

The FBI and CISA have issued a three-point plan for organisations to protect themselves from falling victim to the Medusa ransomware:

  • Mitigate known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
  • Segment networks to restrict lateral movement from initial infected devices and other devices in the same organisation.
  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.