(Web Desk) - The FBI is warning the more than 1.8 billion people who use Google's Gmail about a dangerous ransomware scheme that could hold your private data hostage.
Medusa ransomware group has already victimized over 300 targets using phishing scams to exploit unprotected software in the users' digital devices.
According to the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), the scheme has been particularly devastating for critical infrastructure sectors, with employees in hospitals, schools, and major businesses falling victim to these attacks.
Medusa sneaks into computers by tricking people with fake emails or finding weak spots in their systems using malicious online content like phony websites.
Once it's in, it locks up all your important files so you can't open them, and also steals copies of them for the hackers.
After the victim's private data is essentially taken hostage, Medusa will demand a ransom payment of thousands or even millions of dollars to unlock the files and not leak the potentially embarrassing information to the public.
To prevent this ransomware from targeting you, the FBI and CISA are urging anyone using email services like Gmail to immediately start using two-factor authentication (2FA) - an added layer of protection which texts you a security code before logging into your mail.
They're also advising that the public and businesses immediately check their operating systems, software, and firmware to make sure they're properly patched and have the latest security updates.
Federal agents added that if you have sensitive information on your devices, it's important to keep multiple copies on separate servers or hard drives.
For personal documents or photos that might be stored in your Gmail, it may even be more secure to print out and keep physical copies in a secret location. For larger organizations, CISA urged companies to filter their network traffic by preventing unknown or untrusted origins from accessing remote services.
Simply put, companies with many employees should set up their networks so only trusted people or systems can connect to their important internal tools, keeping out random hackers like Medusa.
Organizations should also check who has special administrative powers, then limit what they can do to just what's needed, so Medusa can't use those accounts to cause severe damage.
To keep places like hospitals and schools safe, authorities recommended that institutions split their computer networks into smaller sections - so if Medusa breaks in, it can't easily spread everywhere.
This tactic, called 'segmenting networks,' basically puts up locked doors between the different departments in a building, like the payroll system or patient records.
All this makes it harder for Medusa to spread into nearby areas of the computer system and take more files hostage, what CISA called 'lateral movement.'