(TLP:CLEAR) CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

TLP:CLEAR
Created: Thursday, March 13, 2025 - 14:46
Categories:
Cybersecurity, Federal & State Resources, Security Preparedness

Summary: Yesterday, CISA—in partnership with the FBI and MS-ISAC—released a joint Cybersecurity Advisory, titled “#StopRansomware: Medusa Ransomware.” This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity.

Analyst Note: FBI and CISA urge organizations to act now to mitigate the threat posed by the Medusa ransomware gang. Since February 2025, the group has attacked 300 organizations across a variety of critical infrastructure sectors. While no specific Medusa ransomware attack has been identified in the water and wastewater sector, the group's propensity to attack critical infrastructure puts the sector at risk.

Immediate actions organizations can take to mitigate Medusa ransomware activity: 

  • Ensure operating systems, software, and firmware are patched and up to date.
  • Segment networks to restrict lateral movement.
  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services.

WaterISAC encourages members and network defenders to review the advisory and implement its recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents.

Original Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a

Related WaterISAC PIRs: 6, 6.1, 7, 7.1, 12