It’s not unusual for Idahoans to have multiple email accounts. Many of us have a professional address with our company’s domain that we access through Outlook on the job. You probably have a less formal account set up through a provider like Gmail that you use to keep in touch with family and do online shopping.

Unfortunately, Outlook and Gmail are two providers that the FBI says are vulnerable to a ransomware variant known as “Medusa.” If you’ve never encountered a ransomware attack before, they’re a real nightmare.

During a typical ransomware attack, cyber criminals will encrypt a user’s important data and make it inaccessible without a decryption key. The hackers will eventually make contact with the victim and demand payment in order to release the data.

It’s unpleasant on a personal level, but at a corporate level? These attacks can bring an entire organization to its knees. Newsweek says that “Medusa” is targeting some lucrative sectors including medical, education, insurance, technology and manufacturing.

According to the advisory, Medusa usually recruits hackers to find their way into your system through phishing campaigns that contain shady links or through unpatched software issues. In many instances, users don’t realize they’ve been compromised because the cybercriminals are accessing the data through legitimate means (like your Gmail or Outlook accounts) rather than installing third-party malware.

Tripwire explains that once they have your data, you’ll receive a ransom notification. In many situations, it's a note left on your machine. In other cases, they may reach you by phone to demand payment within 48 hours. They may threaten to post your organization’s data publicly. Sometimes, they’ll offer you an additional day to come up with the ransom for $10,000.  

Beware of These Email Addresses Used to Negotiate Ransoms

If you see one of these email addresses in your inbox, it’s a really bad sign that you’ve already been compromised. Through their investigation of 300 victims, the agencies that came together to publish the Medusa advisory say that these are the email addresses most often used in the negotiation of ransoms:

  • key.medusa.serviceteam@protonmail.com
  • medusa.support@onionmail.org
  • mds.svt.mir2@protonmail.com
  • MedusaSupport@cock.li 
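
For anyone who would rather check a mailbox export than eyeball it, here is an added example (not part of the advisory or the original article) that scans a raw email message for the addresses listed above, in the address headers and in the message text. The function names and the sample message are assumptions made for illustration.

```python
import email
import re
from email.utils import getaddresses

# Negotiation addresses listed above, lower-cased for comparison.
# The second domain is spelled as in the published joint advisory.
MEDUSA_ADDRESSES = {
    "key.medusa.serviceteam@protonmail.com",
    "medusa.support@onionmail.org",
    "mds.svt.mir2@protonmail.com",
    "medusasupport@cock.li",
}
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "Return-Path", "To", "Cc")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def refang(text):
    """Undo common 'defanged' notation such as user[@]host[.]com."""
    return text.replace("[.]", ".").replace("[@]", "@")


def find_medusa_contacts(raw_message):
    """Return sorted (location, address) hits for one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    hits = set()
    for header in ADDRESS_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr.lower() in MEDUSA_ADDRESSES:
                hits.add((header, addr.lower()))
    # The address can also sit in the message text, e.g. a forwarded note.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        body = refang(payload.decode(charset, "replace"))
        for addr in EMAIL_RE.findall(body):
            if addr.lower() in MEDUSA_ADDRESSES:
                hits.add(("body", addr.lower()))
    return sorted(hits)


# Constructed sample message, not real traffic.
SAMPLE = """\
From: "IT Helpdesk" <MedusaSupport@COCK.li>
To: admin@example.org
Content-Type: text/plain; charset="utf-8"

Write to medusa.support@onionmail[.]org within 48 hours.
"""
```

A hit in any location is a reason to hand the message to whoever handles incident response rather than to reply to it.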

How Can Idahoans Protect Themselves and Their Organizations?

While most of the suggestions on the advisory’s list are targeted toward IT professionals overseeing large networks, anyone can help prevent cyber attacks like the ones performed by Medusa by requiring passwords for important accounts, using multifactor authentication and installing legitimate security updates when available. Also, always be suspicious of links in emails that don’t look quite right. 

While most companies won’t admit that they’ve been a victim of ransomware, we personally know some businesses around Idaho that have had to navigate similar attacks and it’s a nightmare. Be careful online! 
