
From CISA.gov, a #StopRansomware advisory:
Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile malware variant per the FBI’s investigation.
FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Medusa ransomware incidents.
Download the PDF version of this report: AA25-071A #StopRansomware: Medusa Ransomware (PDF, 672.45 KB)
For a downloadable list of IOCs, see: AA25-071A STIX XML (XML, 34.30 KB) and AA25-071A STIX JSON
Read more at CISA.