The Federal Bureau of Investigation has recently warned of weird ransomware attack threats delivered by the United States Postal Service, yes really, alongside a dangerous ransomware campaign from so-called Ghost attackers, and some of the most sophisticated threats against Gmail users ever. Having previously also advised users to use two-factor authentication to mitigate such attacks, a newly published FBI industry alert has rolled the mitigation advice into one as ongoing attacks by the Medusa ransomware gang continue. Enable 2FA for webmail services such as Gmail and Outlook, as well as for VPNs, the FBI has warned. And enable it now. Here’s what you need to know.

Mitigating Medusa—FBI Says Enable 2FA For Webmail And VPNs Now

When it comes to the immediate, as in right now, actions that all organizations should be taking in order to mitigate the Medusa ransomware attack campaigns, the FBI has recommended the following:

  • Require two-factor authentication for all services where possible, but in particular for webmail such as Gmail, Outlook and others, along with virtual private networks and any accounts that can access critical systems.
  • Require all accounts with password logins to use long passwords and consider not requiring frequently recurring password changes, as these can weaken security.
  • Retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location.
  • Keep all operating systems, software, and firmware up to date. Prioritize patching known exploited vulnerabilities in internet-facing systems.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool.
  • Monitor for unauthorized scanning and access attempts.
  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
  • Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
  • Disable command-line and scripting activities and permissions.

The Federal Bureau of Investigation has recently warned of weird ransomware attack threats delivered by the United States Postal Service, yes really, alongside a dangerous ransowmare campaign from so-called Ghost attackers, and some of the most sophisticated threats against Gmail users ever. Having previously also advised users to use two-factor authentication to mitigate such attacks, a newly published FBI industry alert has rolled the mitigation advice into one as ongoing attacks by the Medusa ransomware gang continue. Enable 2FA for webmail services such as Gmail and Outlook, as well as for VPNs, the FBI has warned. And enable it now. Here’s what you need to knowThe Federal Bureau of Investigation has recently warned of weird ransomware attack threats delivered by the United States Postal Service, yes really, alongside a dangerous ransowmare campaign from so-called Ghost attackers, and some of the most sophisticated threats against Gmail users ever. Having previously also advised users to use two-factor authentication to mitigate such attacks, a newly published FBI industry alert has rolled the mitigation advice into one as ongoing attacks by the Medusa ransomware gang continue. Enable 2FA for webmail services such as Gmail and Outlook, as well as for VPNs, the FBI has warned. And enable it now. Here’s what you need to know..

Existing BMT Managed Services client?  We will take care of planning this for you, no need to worry about anything!  Not a BMT client?  Your services provider should have a plan in place, if not reach out to BMT for assistance!