Have you heard about the Medusa ransomware gang phishing campaigns? Let's unravel what these phishing campaigns are about and provide you with ways to stay safe.
We understand that when news like this surfaces and spreads around the Internet, people often get frightened and begin to feel insecure. That reaction is understandable, but what you need is accurate information and proactive steps to secure your devices and mitigate attacks.
What You Should Know About Ransomware Attacks
Medusa ransomware gang phishing campaigns refer to phishing campaigns run by a ransomware gang known as Medusa. Medusa is a ransomware-as-a-service (RaaS) operation that uses ransomware attacks to extort money from individuals and institutions to fund its activities. But what is a ransomware attack?
"Ransomware" is a combination of two words: "ransom" and "ware." "Ransom" refers to an amount paid for a release, and "ware" refers to a tool or software, which in this case is what is withheld. Together, the two words name a hazardous cyber operation on the internet known as a ransomware attack.
Ransomware attacks refer to the techniques employed by attackers and unethical software developers to steal and encrypt valuable products and information with malware and then demand money in return. Attackers threaten to publish, delete, or destroy the information to get their demands met.
Medusa Ransomware Gang Phishing Campaigns
Medusa, a RaaS first identified in June 2021 and active since then, has been under investigation by the Federal Bureau of Investigation (FBI).
Investigations as recent as February 2025 have documented Medusa's tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which form the basis for the recommendations to mitigate the attacks.
These types of attacks employ the following phishing scam tactics:
Targeted emails (on Outlook, Gmail, and similar services) and text messages pretending to be from legitimate companies, e.g., an urgent-sounding email purportedly from your employer.
Messages with links and instructions that attempt to harvest sensitive information such as usernames, passwords, and banking details.
Links, email addresses, and a messaging style that mimic legitimate companies but differ slightly, by a letter, an added word, or a few digits; e.g., PayPal.com mimicked as paypal-verify.com.
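The lookalike tactic described above can be checked mechanically before a link is clicked or a sender is trusted. The following is an added example, not code from the original article or from any advisory; the brand allowlist and the sample addresses are constructed, and the "last two labels" rule for the registrable domain is a simplification that does not handle suffixes like co.uk.

```python
# Added example: flag sender addresses or URLs whose domain mimics a trusted brand
# by a changed letter, added digits, an added word, or a brand name buried in a
# subdomain. TRUSTED_DOMAINS is an assumed allowlist; all samples are constructed.
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("paypal.com", "outlook.com", "gmail.com")  # assumption: your own allowlist


def host_of(value: str) -> str:
    """Pull the host out of a URL or a 'user@host' e-mail address, lowercased."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a value of 1 or 2 catches swaps such as paypa1.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_verdict(value: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, brand): 'trusted', 'lookalike' with the mimicked brand, or 'unrelated'."""
    host = host_of(value)
    labels = host.split(".")
    # Simplification: treat the last two labels as the registrable domain.
    domain = ".".join(labels[-2:]) if len(labels) >= 2 else host
    if domain in trusted:
        return "trusted", domain
    for brand in trusted:
        brand_name = brand.split(".")[0]
        # Brand name present but not the real domain: paypal-verify.com, paypal.com.evil-site.net
        if brand_name in host:
            return "lookalike", brand
        # One or two characters changed: paypa1.com, paypall.com
        if edit_distance(domain, brand) <= 2:
            return "lookalike", brand
    return "unrelated", None
```

The substring check is deliberately sensitive, so short brand names may produce false positives; review flagged items rather than blocking them outright.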
Here's why you should be concerned. Medusa ransomware gang phishing campaigns often target critical sectors, including education, hospitals, technology, insurance, and law firms, to mention a few.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the year 2025 alone has seen over 300 attacks from Medusa ransomware across the sectors listed above. A recent attack reported in April 2025 involved the National Association for Stock Car Auto Racing (NASCAR) and a demand for $4 million.
In the process, personal and other sensitive, valuable information gets stolen and encrypted, exposing individuals and organizations to foreign attacks and financial losses.
Therefore, the need to follow the safety measures provided by stopransomware.gov to mitigate and stop ransomware attacks cannot be overemphasized.
Meanwhile, the FBI, CISA, and MS-ISAC have put together a joint advisory with recommendations for organizations to implement in the fight against Medusa, its affiliates, and other ransomware attacks. The recommendations include the following:
Implementing recovery plans, including keeping multiple copies of sensitive data and servers offline or in a physically separate location, with network segmentation to limit the spread of an attack.
Requiring all users to comply with National Institute of Standards and Technology (NIST) password standards by maintaining long, strong passwords with two-factor authentication for logins.
Keeping all applications and operating systems updated to their latest versions to reduce exposure to known vulnerabilities.
Monitoring the network for anomalies, unauthorized access attempts, and signs of potential ransomware attacks.
Requiring VPNs for remote access and filtering out network traffic from untrusted origins.
Auditing user accounts and reviewing domain controllers, workstations, and directories for unrecognized accounts.
Maintaining offline backups of data and ensuring they are encrypted, among other measures.
Security awareness and prevention training for users, especially employees, will improve adherence to these safety rules and strengthen security across the organization.