If you use a Gmail account, the FBI warns you may be the target of ransomware phishing attacks.
According to the bureau, the Medusa ransomware group has already claimed more than 300 victims by using phishing scams to exploit unprotected software on consumers’ devices.
The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) report that the scheme has been particularly successful in targeting large institutions, such as hospitals, schools, and large corporations.
If a target clicks a link in a message, Medusa malware downloads onto the device and encrypts files so the user can’t open them. The files are decrypted only after the victim pays a ransom to the hackers.
To guard against this, the FBI urges Gmail users to enable two-factor authentication, or 2FA. The bureau warns that passwords alone are no longer sufficient to protect devices. 2FA provides an extra layer of security.
How 2FA works
2FA requires device users to provide two forms of identification before accessing an account, significantly reducing the risk of unauthorized access. Common methods include receiving verification codes via SMS text message, using authenticator apps like Google Authenticator, or utilizing hardware security keys.
The FBI has issued many warnings about the evolving tactics used by cybercriminals, stressing the dangers of phishing emails designed to steal login credentials and deploy ransomware. The bureau has also noted that "cookie theft," where attackers steal session cookies to bypass passwords and even multi-factor authentication, is a growing threat.