The FBI is warning the more than 1.8 billion people who use Google’s Gmail about a dangerous ransomware scheme that could hold your private data hostage.

The Medusa ransomware group has already victimized over 300 targets using phishing scams to exploit unprotected software in the users’ digital devices.

According to the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), the scheme has been particularly devastating for critical infrastructure sectors, with employees in hospitals, schools, and major businesses falling victim to these attacks.

Medusa sneaks into computers by tricking people with fake emails or finding weak spots in their systems using malicious online content like phony websites.

Once it’s in, it locks up all your important files so you can’t open them, and also steals copies of them for the hackers.

After the victim’s private data is essentially taken hostage, Medusa will demand a ransom payment of thousands or even millions of dollars to unlock the files and not leak the potentially embarrassing information to the public.

To prevent this ransomware from targeting you, the FBI and CISA are urging anyone using email services like Gmail to immediately start using two-factor authentication (2FA) – an added layer of protection that texts you a security code before you log in to your mail.

They’re also advising that the public and businesses immediately check their operating systems, software, and firmware to make sure they’re properly patched and have the latest security updates.

Federal agents added that if you have sensitive information on your devices, it’s important to keep multiple copies on separate servers or hard drives.

For personal documents or photos that might be stored in your Gmail, it may even be more secure to print out and keep physical copies in a secret location.

For larger organizations, CISA urged companies to filter their network traffic by preventing unknown or untrusted origins from accessing remote services.

Simply put, companies with many employees should set up their networks so only trusted people or systems can connect to their important internal tools, keeping out random hackers like Medusa.

Organizations should also check who has special administrative powers, then limit what they can do to just what’s needed, so Medusa can’t use those accounts to cause severe damage.

To keep places like hospitals and schools safe, authorities recommended that institutions split their computer networks into smaller sections – so if Medusa breaks in, it can’t easily spread everywhere.

This tactic, called ‘segmenting networks,’ basically puts up locked doors between the different departments in a building, like the payroll system or patient records.

All this makes it harder for Medusa to spread into nearby areas of the computer system, which CISA called ‘lateral movement,’ and take more files hostage.

These ransomware attacks aren’t just a bunch of random incidents carried out by various hackers.

The FBI noted that Medusa is a ransomware-as-a-service group, meaning they create the malicious software which locks up a victim’s computer and then sell those programs to cybercriminals who carry out the attacks.

Once the hackers successfully break into someone’s computer or an organization’s network and get paid by the victim, they’ll split those ransom payments with the Medusa group.

According to Infosecurity Magazine, the demands sent by Medusa ransomware have ranged from $100,000 to $15 million.

The scheme has reportedly already claimed over 40 victims between January and February 2025 alone.

However, cybersecurity experts believe that number could be much higher because some victims likely paid off the hackers to avoid reporting that they had been scammed.

In February, Wisconsin-based Bell Ambulance had over 200 gigabytes of data stolen by a Medusa attack. The group reportedly demanded $400,000 for its return.

In the UK, private healthcare provider HCRG Care Group was held up for $2 million after hackers successfully stole 2.3 terabytes (2,300 gigabytes) of company data.

For the nearly two billion people now worried about their Gmail accounts, cyber experts continue to recommend that you keep an active spam filter on at all times to prevent phishing emails from reaching your inbox.

For suspicious emails that direct you to click on a link or fill out forms providing detailed information about yourself, delete them immediately.

Those links in your email will likely trigger the attack by sending you to a malicious website where the hacker can gain control of your computer.
