Hackers Targeting Americans With Ransomware, FBI Issues Urgent Warning

Americans who use Gmail and Outlook are under threat from dangerous hackers who are demanding millions in ransom payments. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm on a sophisticated ransomware attack that’s already claimed hundreds of victims across the country.

At a glance:

• FBI and CISA warn Gmail and Outlook users about Medusa ransomware targeting critical industries

• Hackers demand ransoms ranging from $100,000 to $15 million from victims

• Over 300 organizations have been impacted by Medusa attacks as of February 2025

• Attackers threaten to leak sensitive data if ransom isn’t paid

• Federal authorities recommend multi-factor authentication and regular system backups to protect against attacks

Medusa Ransomware Targeting Critical American Industries

The FBI and CISA have issued an urgent warning about the Medusa ransomware group actively targeting Gmail and Outlook users across America. The group has been hitting critical infrastructure sectors including healthcare organizations, exploiting email vulnerabilities to gain access to sensitive systems and data.

Medusa ransomware, first identified in June 2021, has already impacted over 300 victims, according to federal authorities. The malicious software spreads primarily through sophisticated phishing emails that trick unsuspecting users into clicking dangerous links or downloading infected attachments.

A shadowy group called “Spearwing” operates the ransomware, according to cybersecurity firm Symantec, employing “access brokers” who are paid between $100 and $1 million to infiltrate vulnerable systems. The cybercriminals target organizations that handle sensitive information, since such organizations are more likely to pay ransoms rather than risk data exposure.

Double Extortion Tactics Threaten Americans’ Data

Victims of Medusa ransomware face devastating consequences as hackers employ a “double extortion” strategy to maximize profits. The attackers not only encrypt critical systems, rendering them unusable, but also steal sensitive data before encryption and threaten to publish it unless their demands are met.

The ransom demands are substantial, ranging from $100,000 to an astounding $15 million depending on the target organization’s size and the value of the compromised data. The cybercriminals have established a dedicated “data leaks site” where they publish stolen information from organizations that refuse to comply with their demands.

Security experts have observed Spearwing victimizing approximately 400 organizations since early 2023, with many victims appearing on their data leaks site. The group frequently hijacks legitimate accounts, particularly those belonging to healthcare organizations.

How Americans Can Protect Themselves

The FBI and CISA have issued specific recommendations for organizations and individuals to protect against Medusa ransomware attacks. Recommended practices include using long, complex passwords that are frequently changed, implementing multi-factor authentication, and keeping all systems up to date with the latest security patches. Network segmentation, traffic filtering, and continuous monitoring for suspicious activity are also critical defense strategies against these sophisticated attacks.

The joint advisory is part of the government’s #StopRansomware initiative aimed at helping Americans protect their digital assets and critical infrastructure. The FBI urges all potential victims to report suspicious activities immediately and avoid paying ransoms, as payment encourages future criminal activity.