FBI Warns Gmail Users, What To Do Before It’s Too Late
Published On: March 16, 2025
The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent warning to users of popular email services like Gmail and Microsoft Outlook, as well as Virtual Private Networks (VPNs), about a dangerous ransomware scheme known as Medusa. The ransomware, which has claimed over 300 victims in critical infrastructure sectors, is demanding ransoms of up to $15 million while threatening to release sensitive or embarrassing information to the public if payments are not made.
Medusa, a ransomware-as-a-service (RaaS) variant, has been active since 2021 and has recently escalated its attacks. According to a joint advisory released by the FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC), Medusa primarily uses phishing campaigns to steal victims’ credentials. These campaigns involve fake emails or websites that trick users into providing access to their systems. Once inside, the hackers encrypt critical files and exfiltrate sensitive data, holding it hostage until a ransom is paid.
The ransomware operators employ a “double extortion” model, where they not only encrypt the victim’s data but also threaten to publicly release it if the ransom demands are not met. Medusa operates a data leak site that displays victims alongside countdown timers indicating when the stolen information will be released. Ransom demands, ranging from 100,000 to 15 million, are posted on the site, along with links to cryptocurrency wallets for payment. Victims can even pay an additional $10,000 to extend the countdown by one day.
Who is at risk?
Medusa has targeted a wide range of sectors, including healthcare, education, legal services, insurance, technology, and manufacturing. Hospitals, schools, and major businesses have been among the most affected, with the ransomware exploiting unpatched software vulnerabilities and unprotected systems. The FBI and CISA emphasize that anyone using webmail services like Gmail and Outlook, as well as VPNs, is potentially at risk.
The FBI’s stance on ransom payments
The FBI and CISA strongly discourage paying ransoms, as there is no guarantee that victims will regain access to their data. Additionally, paying ransoms may embolden attackers to target more organizations and fund further illicit activities. Instead, victims are urged to report ransomware incidents to the FBI or CISA immediately.
A growing threat
Since its emergence in 2021, Medusa has evolved from a closed ransomware variant to an affiliate-based model, where developers and affiliates work together to maximize profits. Despite this shift, critical operations like ransom negotiations remain centrally controlled by the developers.
As ransomware attacks continue to rise, the FBI and CISA stress the importance of proactive cybersecurity measures. “The threat posed by Medusa and similar ransomware variants is significant,” the advisory states. “By taking these precautions, individuals and organizations can better protect themselves against these increasingly sophisticated attacks.”
For now, users of Gmail, Outlook, and VPNs are urged to remain vigilant by using antivirus software and carefully verifying the legitimacy of login portals before entering their credentials.