The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning to all Gmail and Outlook users. A new ransomware attack, known as Medusa, is targeting individuals and businesses across multiple industries.

FBI Issues Urgent Warning to Gmail and Outlook Users

What is Medusa Ransomware?

Medusa ransomware first appeared in June 2021. The FBI and CISA confirmed this in an official statement on March 12, 2025. The cybercriminals behind Medusa have compromised more than 300 victims, including people in the medical, education, legal, insurance, technology, and manufacturing sectors.

The Medusa group recruits access brokers who help them breach networks. These brokers receive payments ranging from $100 to $1 million. The hackers use phishing emails and exploit unpatched software vulnerabilities to gain access to sensitive data.

How Medusa Ransomware Works

Medusa operates using a double extortion model. The attackers encrypt victim data and then threaten to leak the stolen files unless the ransom is paid. The ransomware group runs a data-leak website where they list their victims. Each victim gets a countdown timer that shows when their stolen data will be released.

Victims have an option to delay the release by paying $10,000 in cryptocurrency for each extra day. The Medusa site also lists ransom demands with direct links to the group’s cryptocurrency wallets.

Who is at Risk?

Medusa ransomware targets individuals and businesses using:

  • Gmail, Outlook, and other email services
  • VPNs, corporate networks, and web-based applications
  • Outdated or unpatched software

How to Protect Yourself

The FBI and CISA recommend taking the following precautions:

  • Use Strong Passwords: Create long, unique passwords for each account.
  • Enable Multi-Factor Authentication: Use MFA for webmail, VPNs, and accounts with critical access.
  • Keep Software Updated: Install the latest updates for operating systems, applications, and firmware.
  • Beware of Phishing Emails: Do not click suspicious links or download unknown attachments.
  • Back Up Your Data: Regularly back up important files and store them offline.

Medusa Ransomware: A Growing Threat

Since 2021, Medusa ransomware has continued to evolve. The group now uses an affiliate model, where multiple hackers work together under the Medusa brand. However, ransom negotiations remain controlled by the original developers.

What to Do If You Are a Victim

If your system is infected with Medusa ransomware, do not pay the ransom. Instead:

  1. Disconnect from the Internet: Prevent further spread by isolating the infected device.
  2. Report the Incident: Contact the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
  3. Seek Professional Help: Work with cybersecurity experts to remove the malware and restore data.

Final Thoughts

The FBI and CISA are actively working to stop Medusa ransomware. However, users must stay vigilant. By following cybersecurity best practices, individuals and businesses can reduce the risk of falling victim to ransomware attacks.

Written by Elliyas Ahmed