Multiple U.S. federal agencies have issued a joint advisory warning about Medusa, a ransomware-as-a-service (RaaS) cyber threat that was first identified in June 2021.
RaaS is a business model in which ransomware tools are sold by developers to third parties who then launch attacks on targets.
“As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors,” said the March 12 advisory, published by the Cybersecurity and Infrastructure Security Agency (CISA).
Industries targeted by Medusa include technology, medical, insurance, manufacturing, legal, and education.
The advisory said Medusa actors—developers and affiliates who use the service—deploy a “double extortion model, where victims must pay to decrypt files and prevent further release” of the stolen data….