Medusa Ransomware

John Romero
CIP Cyber and Physical Security Analyst

The Medusa ransomware is a ransomware-as-a-service (RaaS) variant used by threat actors to gain access to vulnerable systems and sensitive information, which is then leveraged for extortion. The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has recently released the joint Cybersecurity Advisory #StopRansomware: Medusa Ransomware to provide awareness of the Medusa ransomware tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs).

To mitigate Medusa ransomware activity, the advisory suggests:

  • Ensuring operating systems, software, and firmware are patched and up to date
  • Segmenting networks to restrict lateral movement
  • Filtering network traffic by preventing unknown or untrusted actors from accessing remote services

Texas RE encourages Responsible Entities to review the CISA Alert for more information about the TTPs and the risks associated with the Medusa ransomware.