The FBI has issued a warning to users of not only Gmail but also Outlook and VPNs about a dangerous ransomware program called Medusa. Medusa mainly uses phishing campaigns to steal users' login credentials.

The hackers behind Medusa, known as “Medusa actors,” typically employ a double extortion scheme. They not only encrypt victims’ data but also threaten to publicly release the stolen information unless a ransom is paid. Medusa also operates a data leak website that lists victims along with a countdown to release.

Why Gmail Users Should Be Careful of Medusa

The FBI alert notes that the ransom demand posted by Medusa’s operators on the website includes direct links to Medusa’s cryptocurrency wallets. During this phase, Medusa also advertises the sale of data to interested parties before the countdown ends. Victims can pay an additional $10,000 in cryptocurrency to extend the countdown by one day.

According to US government officials, this ransomware-as-a-service has been carrying out attacks since 2021 and has recently affected hundreds of victims. Specifically, CISA said that as of February 2025, Medusa had attacked more than 300 victims in various sectors, including healthcare,education , legal, insurance, technology, and manufacturing.

To protect themselves from ransomware, the FBI and CISA recommend that users keep their operating systems, software, and firmware up to date, and use multi-factor authentication for all services like email and VPNs. Experts also stress the importance of using long passwords and warn that changing passwords frequently can weaken security.