FBI issues warning: Gmail, Outlook, and VPN users at risk – Act fast

The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent warning to the 1.8 billion users of Gmail, Outlook, and VPN services about a rapidly spreading ransomware scheme orchestrated by the notorious Medusa group.

This cyber threat has already impacted over 300 targets, including critical infrastructure sectors like hospitals, schools, and major corporations. With ransomware demands soaring into the millions, it’s time to take action to safeguard your data.

ALSO SEE: Massive power outage disrupts western Cuba: Latest updates

FBI warning: How Medusa ransomware Works

Medusa infiltrates systems through phishing emails or by exploiting vulnerabilities in outdated software. Once inside, it encrypts your files, rendering them inaccessible, and steals copies for leverage. Victims are then extorted for thousands—or even millions—of dollars to regain access to their data and prevent leaks of sensitive information. Recent attacks include:

• Bell Ambulance (Wisconsin): 200 GB of data stolen, $400,000 ransom demanded.
• HCRG Care Group (UK): 2.3 TB of data compromised, $2 million ransom demanded.

Medusa operates as a ransomware-as-a-service (RaaS) group, creating malicious software and selling it to cybercriminals. These hackers then execute attacks and share ransom payments with Medusa. Ransom demands have ranged from $100,000 to $15 million, with over 40 confirmed victims in early 2025 alone.

How to protect your data from Medusa Ransomware

The FBI and CISA recommend the following steps to mitigate the risk:

1. Enable two-factor authentication (2FA): Add an extra layer of security to your email and online accounts.
2. Update software regularly: Ensure your operating systems, software, and firmware are patched with the latest security updates.
3. Backup critical data: Store multiple copies of sensitive information on separate servers or hard drives. For personal files, consider printing physical copies and storing them securely.
4. Use spam filters: Activate spam filters to block phishing emails from reaching your inbox.
5. Avoid suspicious links: Delete emails prompting you to click on links or provide personal information.
6. Use long passwords: Consider not recurring to frequent password changes, as these can weaken security. Use long and unique passwords.

Protecting organizations from Medusa attacks

For businesses and institutions, the stakes are even higher. CISA advises:

• Segment networks: Divide computer networks into smaller sections to limit the spread of ransomware.
• Restrict administrative access: Limit privileges to only what’s necessary for each user.
• Filter network traffic: Block untrusted sources from accessing remote services.

With Medusa’s attacks escalating, vigilance is key. By following the FBI and CISA’s recommendations, you can significantly reduce your risk of falling victim to this devastating ransomware scheme. Don’t wait—secure your accounts and data today.