#StopRansomware: Medusa Ransomware
ID: 730e60c1-5eb1-5a0a-94dc-9ffcc9d52c55
STIX ID: report--730e60c1-5eb1-5a0a-94dc-9ffcc9d52c55
Feed Name: CISA Cybersecurity Advisories
This joint advisory from FBI, CISA, and MS-ISAC documents the Medusa ransomware-as-a-service (RaaS) campaign active through February 2025, describing its affiliate model, double extortion and data leak site, common TTPs (PowerShell, certutil, PsExec, Rclone, RDP, Mimikatz), observed IOCs (file hashes, ransom notes, negotiation email addresses), and recommended mitigations (patching, MFA, network segmentation, backups, monitoring).
