CISA, the Federal Bureau of Investigation (FBI), and MS-ISAC have released the #StopRansomware: Medusa Ransomware advisory as part of their ongoing efforts to combat ransomware threats. Medusa, a Ransomware-as-a-Service (RaaS) variant, has been active since June 2021 and has affected over 300 victims across sectors such as healthcare, education, and manufacturing. It operates on a double extortion model: data is encrypted, and victims are threatened with the public release of their data unless a ransom is paid. Initial access is typically gained through phishing campaigns or by exploiting unpatched vulnerabilities such as CVE-2024-1709 and CVE-2023-48788. Once inside a network, attackers use tools such as Advanced IP Scanner and SoftPerfect Network Scanner to identify critical systems and vulnerable ports. Medusa actors rely on living-off-the-land techniques, including PowerShell and Certutil, to evade detection. For lateral movement, they use remote access tools and legitimate software such as PsExec and Remote Desktop Protocol (RDP). Organizations are urged to patch vulnerabilities, segment networks, and filter traffic to limit lateral movement. To read the joint Cybersecurity Advisory, please visit #StopRansomware: Medusa Ransomware.
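Each tool named above is common in normal administration, so a detection is more useful when it correlates several of them on one host in a short window. The sketch below is an added example, not taken from the advisory; the executable names, the event tuple format, and the 30-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed image names for the tools the summary mentions, grouped by stage.
STAGES = {
    "discovery": {"advanced_ip_scanner.exe", "netscan.exe"},
    "lolbin": {"powershell.exe", "certutil.exe"},
    "lateral": {"psexec.exe", "psexesvc.exe"},
}

# Constructed process-creation events: (ISO timestamp, host, image path).
SAMPLE_EVENTS = [
    ("2025-01-10T09:00:00", "WS-01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("2025-01-10T14:02:11", "SRV-07", r"C:\Users\Public\advanced_ip_scanner.exe"),
    ("2025-01-10T14:09:40", "SRV-07", r"C:\Windows\System32\certutil.exe"),
    ("2025-01-10T14:21:05", "SRV-07", r"C:\Windows\PSEXESVC.exe"),
    ("2025-01-10T08:00:00", "WS-02", r"C:\Tools\netscan.exe"),
    ("2025-01-10T16:30:00", "WS-02", r"C:\Tools\PsExec.exe"),
]

def stage_of(image):
    """Map an image path to a stage by its file name, case-insensitively."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    for stage, names in STAGES.items():
        if name in names:
            return stage
    return None

def correlate(events, window=timedelta(minutes=30), min_stages=2):
    """Return {host: sorted stages} where >= min_stages distinct stages fall within `window`."""
    per_host = defaultdict(list)
    for ts, host, image in events:
        stage = stage_of(image)
        if stage:
            per_host[host].append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        # Slide a window starting at each hit and keep the richest stage set seen.
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) >= min_stages and len(seen) > len(alerts.get(host, [])):
                alerts[host] = sorted(seen)
    return alerts

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(host, stages)
```

A lone PowerShell launch (WS-01) and two tools run hours apart (WS-02) stay quiet, while the scanner, Certutil, and PsExec service sequence on SRV-07 is flagged.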