FBI Warns Gmail Users of Rising Medusa Ransomware Threat

STATEN ISLAND, N.Y. — The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a formal warning this week to users of popular email services, including Gmail and Microsoft Outlook, about an alarming surge in ransomware attacks linked to the Medusa ransomware gang. This group has reportedly targeted over 300 organizations across various critical sectors, including medical, education, and technology, since its inception in 2021.
The Medusa ransomware operates under an affiliate model, although crucial tasks, including ransom negotiations, are still managed centrally by the group’s developers. The gang employs a double extortion tactic: they encrypt sensitive data and then threaten to release it publicly if the demanded ransom, which can range from $100,000 to $15 million, is not paid.
As of February 2025, cyberattacks attributed to Medusa have seen a staggering increase, with a 42% rise noted from 2023 to 2024. According to a report from Symantec’s Threat Hunter team, nearly twice as many Medusa attacks occurred in just the first two months of 2025 compared to the same period the previous year.
‘While Medusa has advanced its operations, its fundamental methods of exploitation remain,’ said Tim Morris, chief security advisor at Tanium. ‘Their multi-faceted approach makes it imperative for organizations to maintain strict asset management and robust security protocols,’ he added.
The FBI’s recent advisory highlights the importance of implementing strong cybersecurity measures to counter potential attacks. Recommended actions include utilizing long, unique passwords and enabling multi-factor authentication for all accounts, especially those that access critical systems. Moreover, keeping software and operating systems updated can significantly mitigate vulnerabilities.
Jon Miller, CEO of Halcyon, emphasized the need for critical infrastructure entities to be particularly vigilant. ‘The motivation to sustain uninterrupted services makes them prime targets for ransomware operators like Medusa, making robust defense strategies essential,’ Miller said.
In response to the warning, organizations are advised to develop comprehensive data recovery plans and maintain robust spam filters to prevent phishing attempts that can grant hackers access to systems. The FBI and CISA’s advisory outlines several mitigation strategies that organizations should consider: ensuring systems are patched and up-to-date, segmenting networks to limit malware spread, and filtering network traffic to prevent unauthorized access.
Despite the warnings, some cybersecurity experts believe that the FBI’s recommendations, while important, fall short. Roger Grimes, a data-driven defense evangelist at KnowBe4, criticized the lack of emphasis on security awareness training, stating that social engineering tactics play a crucial role in ransomware propagation. ‘It’s as if we continue to ignore the primary routes of attack while suggesting additional locks for the doors,’ Grimes said.
Organizations and users alike are urged to remain vigilant and proactive in their cybersecurity practices to guard against the escalating threat posed by ransomware groups such as Medusa.