Medusa Ransomware Affiliates Target Healthcare Organizations
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have issued a warning to healthcare organizations about the threat of Medusa ransomware affiliates exploiting unpatched software and Common Vulnerabilities and Exposures (CVEs).
Why Healthcare Organizations Should Pay Attention
In a joint advisory with the Multi-State Information Sharing and Analysis Center, the FBI and CISA outlined the tactics, techniques, and procedures used by Medusa ransomware affiliates. This variant has already affected over 300 victims in critical infrastructure sectors, including a state health insurer, since 2021.
Medusa ransomware developers recruit cybercriminals in forums and marketplaces to gain initial access to potential victims. Affiliates use legitimate tools like Advanced IP Scanner and SoftPerfect Network Scanner to evade detection and establish a presence on networks.
Victims are told to contact the ransomware operators within 48 hours through a Tor browser-based live chat or the encrypted instant-messaging platform Tox. If they do not, the operators may reach out to them directly by phone or email.
To mitigate the risk of Medusa ransomware attacks, organizations should ensure their operating systems, software, and firmware are regularly patched and up to date. Network segmentation and traffic filtering can also limit lateral movement and unauthorized access to internal systems.
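An added example, not taken from the advisory or the article: a triage pass over process-creation events that flags the two scanners named above when they run outside an approved admin context or under a different file name. The event field names (Sysmon-style `Image` and `Product`), the default executable names, and the host/user allowlist are assumptions; the sample events are constructed.

```python
from pathlib import PureWindowsPath

# Product names are the tools named in the article; file names are assumed defaults.
WATCHED_PRODUCTS = ("advanced ip scanner", "softperfect network scanner")
WATCHED_IMAGES = {"advanced_ip_scanner.exe", "netscan.exe"}  # assumption
# Hypothetical allowlist of (host, user) pairs approved to run network scanners.
APPROVED = {("it-admin-01", r"corp\netops")}

# Constructed events shaped like process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "IT-ADMIN-01", "user": r"CORP\netops",
     "Image": r"C:\Tools\netscan.exe", "Product": "SoftPerfect Network Scanner"},
    {"host": "NURSE-WS-14", "user": r"CORP\jdoe",
     "Image": r"C:\Users\jdoe\Downloads\advanced_ip_scanner.exe",
     "Product": "Advanced IP Scanner"},
    {"host": "FILESRV-02", "user": r"CORP\svc_backup",  # scanner under another name
     "Image": r"C:\ProgramData\svchost32.exe", "Product": "SoftPerfect Network Scanner"},
    {"host": "NURSE-WS-14", "user": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "Product": "Microsoft Windows Operating System"},
]

def match_reason(event):
    """Return why the event looks like a watched scanner, or None."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    product = event.get("Product", "").lower()
    by_name = image in WATCHED_IMAGES
    by_meta = any(p in product for p in WATCHED_PRODUCTS)
    if by_meta and not by_name:
        return "renamed binary (product metadata matches, file name does not)"
    if by_name or by_meta:
        return "scanner executed"
    return None

def triage(events):
    """Alert on scanner use unless it is an approved host/user running it unrenamed."""
    alerts = []
    for ev in events:
        reason = match_reason(ev)
        if reason is None:
            continue
        approved = (ev["host"].lower(), ev["user"].lower()) in APPROVED
        if approved and not reason.startswith("renamed"):
            continue  # expected administrative use
        alerts.append({"host": ev["host"], "user": ev["user"],
                       "image": ev["Image"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Because these tools are legitimate, the allowlist rather than the tool name alone decides what becomes an alert; a renamed copy is reported even on an approved host.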
The Growing Threat of Ransomware Attacks
Medusa ransomware utilizes phishing campaigns and exploits vulnerabilities in software like ConnectWise ScreenConnect, as seen in the recent Change Healthcare cyberattack. Rural hospitals, in particular, are at risk due to limited resources and cybersecurity measures, making them prime targets for cyber exploitation.
Expert Insights
In a statement, the FBI, CISA, and MS-ISAC highlighted the evolution of Medusa ransomware from a closed variant to an affiliate model. While affiliates play a role in the distribution of the ransomware, key operations such as negotiation remain centralized with the developers.
Andrea Fox, Senior Editor of Healthcare IT News, can be reached at afox@himss.org. Healthcare IT News is a publication of HIMSS Media.