The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have warned Gmail and Microsoft Outlook users about a dangerous ransomware scheme. Earlier this week, the US government agencies issued a warning regarding Medusa, a ransomware-as-a-service software responsible for attacks since 2021, which has recently impacted hundreds of individuals. CISA reports that Medusa primarily employs phishing campaigns to steal victims' credentials. Some of the recommendations that the agencies offered to protect against this ransomware include patching operating systems and keeping devices updated, using multi-factor authentication for services like email and VPNs, using strong passwords, and avoiding frequent password changes.
What the FBI said about Medusa ransomware
According to the advisory (seen by the news agency AP), Medusa developers and affiliates, known as “Medusa actors,” employ a double extortion strategy, encrypting victims' data and threatening to expose the stolen information if the ransom isn’t paid. Medusa runs a data-leak site that lists victims with countdowns to the potential release of their data.
“Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets. At this stage, Medusa concurrently advertises the sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 in cryptocurrency to add a day to the countdown timer,” the advisory noted.
Furthermore, CISA highlighted that Medusa developers and affiliates have targeted over 300 victims across various industries, including healthcare, education, legal, insurance, technology, and manufacturing since last month.
Last week, the FBI also warned about a surge in "smishing" attacks targeting iPhone and Android users. These scams use fraudulent texts to steal personal and financial data. Cybercriminals have registered over 10,000 domains, fueling a fourfold increase in attacks since January 2025, putting millions at risk of identity theft and fraud, the previous warning noted.