The FBI has advised Gmail, Outlook, and VPN users to take steps to mitigate the risks, and urged users to act quickly to protect critical systems.
FBI warns of threat from dangerous Medusa ransomware group
How dangerous is the Medusa ransomware group?
Active since June 2021, Medusa is considered one of the most dangerous ransomware groups targeting individuals and businesses through ransomware-as-a-service (RaaS), with 300 recorded victims. The group uses social engineering and exploits unpatched software vulnerabilities to infiltrate systems.
Security expert Tim Morris of Tanium stressed that Medusa's methods are sophisticated, with the ability to "exploit, persist, move laterally, and hide," making it crucial to have a comprehensive security plan in place. Meanwhile, Halcyon CEO Jon Miller said Medusa is a highly strategic group that often targets critical infrastructure organizations because they cannot afford downtime.
The FBI’s most recent investigation into Medusa’s activities in February 2025 provided insight into how the group operates. The FBI gathered information about Medusa’s tactics, techniques, and procedures before publishing it in cybersecurity advisory AA25-071A on March 12.
What is the solution for Gmail, Outlook and VPN users?
The FBI has taken urgent steps to address the Medusa threat. The agency recommends that users enable two-factor authentication (2FA) for all services, especially Gmail, Outlook, and VPNs. The FBI stresses that this should be done immediately to protect data.
The FBI also offers a number of other important tips that users should follow to stay safe, including:
- Use long, strong passwords for all accounts.
- Store multiple backup copies of important data in multiple secure locations.
- Always keep your system, software and firmware up to date.
- Use network monitoring tools to detect unusual activity.
- Limit administrative rights and regularly review these accounts.
- Disable unnecessary command line tools and scripts.
- Close unused network ports to reduce the risk of attack.
But some experts say the FBI has overlooked a key piece of prevention: training, since most ransomware attacks are caused by human error. Teaching people how to spot risks, which is just as important as learning how to avoid scams, could make a big difference.
Source: https://thanhnien.vn/fbi-canh-bao-khan-cap-cho-nguoi-dung-gmail-185250316093940059.htm