FBI issues national security warning to Gmail, Outlook email users

March 17, 2025
The agencies warn Gmail and Outlook users to be on the lookout for harmful emails containing ransomware.

Cyberattacks are on the rise, and the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are urging citizens to remain vigilant against ransomware attacks.

The agencies warn Gmail and Outlook users to be on the lookout for harmful emails containing ransomware—a kind of malicious software that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.

“You can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware,” the FBI warns.

“Once the code is loaded on a computer, it will lock access to the computer itself or data and files stored there. More menacing versions can encrypt files and folders on local drives, attached drives, and even networked computers.”

In an ongoing ransomware scheme orchestrated by a group of “cyber threat actors,” victims are targeted through phishing campaigns and through devices running vulnerable software, using a ransomware program called “Medusa.”

The Medusa malware has been used for ransomware attacks from 2021 until present, the Cybersecurity and Infrastructure Security Agency said.

“As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors, with affected industries including medical, education, legal, insurance, technology, and manufacturing,” the agency said.

Medusa actors use legitimate tools and advanced programs to hijack victims’ data and devices.

Once they have a foothold on a victim’s network, Medusa actors commonly scan for exposed services such as FTP, SSH, Telnet, HTTP, SFTP, HTTPS, SQL database, Firebird database, HTTP web proxy, MySQL database, and RDP.

The group uses a “double extortion model,” where victims must pay to decrypt their files and prevent the group from leaking their data.

Attackers demand that victims make contact within 48 hours; if victims do not respond, the actors reach out to them directly by phone or email.

“Medusa operates a .onion data leak site, divulging victims alongside countdowns to the release of information. Ransom demands are posted on the site, with direct hyperlinks to Medusa-affiliated cryptocurrency wallets,” the agency warns.

“At this stage, Medusa concurrently advertises the sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.”

Feds suggest following these prevention measures to avoid a malware attack:

  • Implement a recovery plan.

  • Require all accounts with password logins to use long passwords, and do not require frequent password changes, as forced rotation can weaken security.

  • Require multifactor authentication.

  • Keep all operating systems, software, and firmware up to date.

  • Identify, detect, and investigate abnormal activity with a network monitoring tool.

  • Require VPNs or Jump Hosts for remote access.

  • Monitor for unauthorized scanning and access attempts.

  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.

  • Audit user accounts.

  • Review domain controllers, servers, workstations, and Active Directory for new and/or unrecognized accounts.

  • Maintain offline backups of data.

  • Ensure all backup data is encrypted.

----

©2025 Advance Local Media LLC.

Visit masslive.com.

Distributed by Tribune Content Agency, LLC.