News

Survey Shows IT Pros Are Unable To Keep Up With Data Demands Over Security Concerns

Businesses need access to data to make good decisions, but too much security means data can often be overlooked. We examine the question of security versus data access.

Decentralizing Data Using Cloud Networks Limits Cyber Attack Harm

A cyberattack on a city did not cause major problems because the city had taken proactive measures for just such an incident. We examine the steps taken to minimize damage.

Avoiding Capture From Fake CAPTCHAs

Hackers are at it again. Now they are using the CAPTCHA security tool to trick users into downloading malware. We show the scheme and how to spot it.

Medusa Ransomware Is Turning Unpatched Systems To Stone

The cybercriminals behind Medusa ransomware increased their activity after a website dedicated to leaked data appeared on the dark web about a year ago.

Medusa is a ransomware family that became prominent in 2023 and targets a wide range of industries. Cybercriminals have infected at least 74 organizations with Medusa ransomware.

On their leak websites, cybercriminals publish the sensitive data of ransomware victims who do not meet their demands. The gangs pressure victims by posting "information about the organizations, ransom demanded, the amount of time left before the stolen data is released publicly, and the number of views in a bid."

According to researchers at Palo Alto Networks Unit 42, the Medusa group's "multi-extortion strategy" gives victims options with different price tags, such as "time extension, data deletion or download of all the data," after they post the victim's data on the site.

The ransomware group exploits "internet-facing assets or applications with known unpatched vulnerabilities" to access networks and then launches the ransomware to "enumerate and encrypt all files" other than those associated with the ransomware itself. Medusa malware uses "living-off-the-land (LotL) techniques" to avoid detection. "Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion," thehackernews.com (Jan. 12, 2024).

Commentary

This dangerous type of ransomware targets organizations that have "internet-facing assets or applications with known unpatched vulnerabilities." This highlights the importance of keeping all devices with network access patched with the latest updates.

Require employees to set all work devices to update operating systems and applications automatically or have your IT department set all devices to update automatically before providing them to employees.

Consider prohibiting employees from using personal devices to access your network. If employees must use personal devices, require them to install any updates as soon as they are available. Emphasize that cybercriminals can exploit a single unpatched device to infect the entire organization with ransomware.

State that employees who knowingly violate your cybersecurity policy will face disciplinary action as outlined in your written policy. However, make it clear that employees will not be disciplined for reporting suspicious internet activity, as doing so is essential for your IT department to identify a threat from malware.
