Warning about the risk of Medusa ransomware

Photo: BleepingComputer

by nativetechdoctor

In March 2025, there was a significant increase in ransomware and information-stealing malware attacks, prompting cybersecurity organizations to urge users to take immediate action to protect their systems.

During this time, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) highlighted the activities of the Medusa cybercrime group. This group is known for executing cyberattacks that utilize data encryption malware to extort money from victims, which include agencies, organizations, businesses, hospitals, and educational institutions. The Medusa group’s sophisticated operations involve exploiting vulnerabilities to penetrate networks and encrypt data, demanding ransoms that can reach millions of dollars. Notably, the group has over 400 reported victims, including Toyota Financial Services, which was held for ransom in November 2023.

Kaspersky, a prominent cybersecurity firm, has documented the activities of the Medusa ransomware in 2023 and provided essential recommendations for businesses to bolster their cybersecurity posture:

  1. Secure and test remote control services like Remote Desktop.
  2. Regularly check for and apply patches to the VPN services that provide remote access to corporate networks.
  3. Ensure that the software on all devices is updated to the latest versions.
  4. Maintain regular backups of critical data.
  5. Enhance security measures using solutions such as Kaspersky Endpoint Detection & Response for early attack detection.

For individual users, the FBI advises enhancing security for Gmail and Outlook accounts in addition to any VPN services being utilized:

  1. Back up data in multiple secure locations.
  2. Keep the Windows operating system and all installed software updated.
  3. Utilize security monitoring tools to detect potential intrusions on devices and networks.

Reports indicate that nearly 1 million Windows computers were targeted during this wave of attacks. Microsoft specifically warned that millions of Windows computers are at risk of infection through malware linked to pirated movie sites. When users visit these sites, they may unknowingly download malware, which cybercriminals host on platforms like GitHub, Discord, and Dropbox. This multifaceted attack process is highly sophisticated, as the malware seeks sensitive data, including information stored in Microsoft OneDrive and financial details from cryptocurrency wallets such as Ledger Live and Trezor Suite.

Mr. Ngo Tran Vu, Director of NTS Security, emphasized that many individual users and small businesses remain unaware of digital threats, often neglecting necessary precautions. He noted, “They frequently access online movie-viewing websites on their Windows computers, which often contain critical data. Business management information and other sensitive data are typically managed insufficiently, making these entities vulnerable to severe damages, especially during incidents like ransomware attacks.”

To navigate the growing variety of digital threats, Mr. Vu recommends utilizing comprehensive protection solutions, which can help users safeguard their data against risks they may not fully recognize or remember.
