Cybersecurity experts are warning users of popular email services like Gmail and Outlook about a serious ransomware threat. This attack, known as “Medusa,” has already stolen data from hundreds of victims, including professionals in healthcare, education, law, insurance, technology, and manufacturing.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a warning on March 12, explaining that Medusa ransomware was first discovered in June 2021. This announcement is part of a larger effort called #StopRansomware, which helps businesses and individuals protect themselves against these cyberattacks.
How Does Medusa Ransomware Work?
Since February 2025, Medusa has affected more than 300 victims. According to the FBI and CISA, the group behind these attacks hires cybercriminals, known as “access brokers,” paying them between $100 and $1 million to break into computer systems. These hackers often gain access by sending fake emails (phishing) or exploiting weaknesses in outdated software.
Opt Out of Linked In AI
A cybersecurity company called Symantec recently reported that a group called Spearwing is behind the Medusa ransomware. This group doesn’t just lock victims’ files—they also steal data first and then demand a ransom. If victims refuse to pay, Spearwing threatens to leak their sensitive information online.
Since early 2023, Spearwing has attacked hundreds of people and businesses. Their data leak website already lists 400 victims, but the real number is likely much higher. The group has demanded ransoms ranging from $100,000 to $15 million. They have even hijacked legitimate accounts, including those of healthcare organizations.
In some cases, security experts have been unable to determine exactly how the hackers gained access, which suggests they may be using multiple methods to break into systems.
How to Protect Your Business from Medusa Ransomware
The FBI and CISA recommend several steps to protect your real estate business or personal data from ransomware attacks:
- Back up your data – Store multiple copies of important files on hard drives, cloud storage, and secure locations.
- Use strong passwords – Employees should use long, complex passwords and update them regularly.
- Enable multi-factor authentication (MFA) – This extra security step makes it harder for hackers to access accounts.
- Update your software – Keep operating systems, programs, and firmware up to date to fix security gaps.
- Segment your network – Separating different parts of your network can prevent ransomware from spreading.
- Monitor your systems – Use network monitoring tools to detect suspicious activity.
- Use VPNs for remote work – Require employees to connect through a secure virtual private network (VPN).
- Block unknown traffic – Restrict access from untrusted sources to your internal systems.
- Disable unused ports – Closing unnecessary network access points can reduce security risks.
- Keep secure backups – Store encrypted, unchangeable copies of your data offline to prevent hackers from deleting or modifying them.
Cyberattacks can be devastating, especially for small businesses. Taking these steps can help protect your real estate business and personal data from ransomware threats like Medusa. Stay informed, stay secure, and stay ahead of cybercriminals.