How to protect your Gmail, Outlook after FBI warning on Medusa ransomware
Faced with major ransomware attacks affecting critical industries, cybersecurity officials are asking companies and individuals to step up their safety practices.
March 17, 2025
By Tatum Hunter, Washington Post
Attacks using a type of ransomware called Medusa have grabbed headlines and crippled organizations in critical industries including health care. Now, the FBI is asking companies and individuals to take extra steps to protect important accounts, including Gmail and Outlook.
The actors behind the attacks use classic strategies, such as tricking a recipient into downloading a malicious program, to gain access to accounts. Once inside a system, the attackers use Medusa to snake their way through the network until they get their hands on sensitive data, which they then hold for ransom. According to one data-leak site, the hackers have demanded between $100,000 and $15 million in exchange for not releasing data to the public.
There are a few steps individuals can take to protect themselves and their employers, according to an advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) posted last week. If you use an email account or VPN and haven't turned on two-factor authentication or checked for software updates, now's the time. Here's a short cybersecurity to-do list as Medusa and other cyberthreats make the rounds.
Pause before clicking links, especially in emails
Often, bad actors trick employees by using websites, URLs and email addresses that are just a letter or two off from their legitimate counterparts: a domain that differs from the real one by a single character, a digit 1 standing in for a lowercase l, or the real company name tucked inside a longer, unrelated domain. If an email looks suspicious, checking the sender's address and any link's domain for those near-miss spellings is a good first line of defense.
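An added example of that check in code (not from the article or from Polito): a small Python routine that folds common look-alike characters and flags sender domains that are within one edit of a trusted domain, or that embed its name. The trusted-domain list and sample addresses are constructed, and the confusable-character table is an illustrative subset, not a complete one.

```python
"""Flag sender domains that are a letter or two off from a trusted domain.

Added example, not from the article. TRUSTED and SAMPLES are constructed;
the confusable-character table is an illustrative subset (an assumption).
"""
import unicodedata

# Digits/symbols commonly swapped for look-alike letters (illustrative subset).
_CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l", "$": "s"}
)
# Two-letter sequences that read as one letter at a glance.
_DIGRAPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize(domain: str) -> str:
    """Fold a domain to roughly what a human sees at a glance.

    Non-ASCII characters (e.g. a Cyrillic 'a' in 'exаmple.com') are dropped
    after NFKD, so they surface as a one-character deletion downstream.
    """
    d = unicodedata.normalize("NFKD", domain.strip().lower())
    d = d.encode("ascii", "ignore").decode().translate(_CONFUSABLES)
    for pair, single in _DIGRAPHS:
        d = d.replace(pair, single)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address: str, trusted: list[str]) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a sender address."""
    raw = address.rsplit("@", 1)[-1].strip().lower()
    # An exact match or a genuine subdomain (mail.example.com) needs no folding.
    for t in trusted:
        t = t.lower()
        if raw == t or raw.endswith("." + t):
            return "trusted"
    norm = normalize(raw)
    label = norm.split(".", 1)[0]          # leftmost label of the sender domain
    for t in trusted:
        tn = normalize(t)
        brand = tn.split(".", 1)[0]
        if norm == tn or norm.endswith("." + tn):
            return "lookalike"             # equal only after folding confusables
        if edit_distance(norm, tn) <= 1 or edit_distance(label, brand) <= 1:
            return "lookalike"             # one typo away: example.co, examples.com
        if tn + "." in norm or brand + "-" in norm or "-" + brand in norm:
            return "lookalike"             # brand embedded: example.com.evil.net
    return "unrelated"


TRUSTED = ["example.com"]                  # constructed
SAMPLES = [                                # constructed sender addresses
    "hr@example.com", "it@mail.example.com", "hr@examp1e.com",
    "hr@exarnple.com", "hr@ex\u0430mple.com", "hr@example.co",
    "hr@example.com.evil.net", "alerts@unrelated.test",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:28} {classify(addr, TRUSTED)}")
```

The check is deliberately loose (edit distance one, plus embedded-brand matches) because its job is to raise a flag for a human to look at, not to block mail on its own; a mail gateway would pair it with a real confusables table and SPF/DKIM/DMARC results.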
If an email arrives promising a bonus you didn’t know you were receiving, you probably aren’t receiving it. Hackers use whatever is most likely to get clicks, so get familiar with some classic phishing lures, such as an “accidental” email from HR with an attachment titled “Companywide salaries.” Fake Amazon gift cards and DocuSign links are also popular, says Peter Quach, director of client relations at security firm Polito. Excitement compels people to click, but so does anxiety. “Your Amazon package has been delayed” is another favorite.
Hackers also prey on people's tendency to defer to authority. Fake emails from CEOs or senior executives asking for account credentials, or for wire transfers, are a common tactic.
Be wary of links and file downloads from social media, file-sharing tools and email marketing. LinkedIn, Microsoft Office 365, Google's G Suite (now Google Workspace) and Dropbox have all been used to deliver messages carrying ransomware.
Written messages aren't the only way to compromise a network. Cybercriminals might also just pick up the phone, pose as a colleague and ask you for account information. Always verify such requests through a separate channel, such as calling the person back on a number you already have, or check with IT.
Turn on two-factor authentication
Two-factor authentication adds a second proof of identity when you log in, so a password that has been guessed or stolen isn't enough on its own.
For all your important accounts — such as Gmail, Outlook, VPNs, banking and health — go into your settings and turn on two-factor authentication. Next time you log in, the account will ask for an extra step to make sure it’s you, such as punching in a six-digit code sent to your text messages or approving the sign-in attempt from a separate authenticator app.
We recommend using an authenticator app on your phone rather than relying on text messages: criminals can take over a phone number remotely (a SIM-swap attack) and receive your codes. You can go to the Apple or Google app stores to download authenticator apps such as Google Authenticator or Microsoft Authenticator, or Okta Verify if your workplace uses Okta.
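An added example, not from the article or from any of the app vendors it names, of what an authenticator app actually does when it shows a six-digit code: the standard scheme is TOTP (RFC 6238), an HMAC over a 30-second time counter keyed by a secret that is shared once, at enrollment, between your phone and the service. The secret used below is the public RFC 6238 test-vector key, not a real account secret; the verifier's one-step tolerance window is an assumed, common setting.

```python
"""How an authenticator app derives its six-digit code (TOTP, RFC 6238).

Added example, not from the article or any vendor it names. The shared
secret below is the RFC 6238 test-vector key, not a real account secret.
"""
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds each code is valid for


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = 6) -> str:
    """HMAC-SHA1 over the time-step counter, dynamically truncated to `digits`."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current step and `window` steps either
    side (phone clocks drift), comparing in constant time. Anything older
    fails, which is why a code phished from you is dead within a minute or so."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + k * STEP), code)
        for k in range(-window, window + 1)
    )


def secret_from_base32(text: str) -> bytes:
    """Decode the base32 string shown beside the QR code when enrolling."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


# RFC 6238 Appendix B test key ("12345678901234567890"), public, not a real secret.
DEMO_SECRET = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    now = int(time.time())
    code = totp(DEMO_SECRET, now)
    print("code now:", code, "accepted:", verify(DEMO_SECRET, code, now))
    print("same code five minutes later:", verify(DEMO_SECRET, code, now + 300))
```

Two things the code makes concrete: the secret never travels over the network after enrollment (only the derived code does), and a captured code is only useful inside the step window, which is why attackers who phish codes have to relay them in real time rather than store them.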
Download your data
You can download the data from important accounts so it's still accessible if the account is hijacked or its contents are encrypted or deleted.
For Gmail, for instance, go to the Google Takeout tool. You can pick what to download, but make sure "Mail" is selected. When you're ready, scroll to the bottom and click "next step." Then choose where you want to receive the downloaded files, what format they should be in and how often you want to back up the account. Then click "create export." It might take a few hours or days for the download to be ready. Keep the finished export somewhere an attacker who gets into the account can't reach, such as an external drive or a separate account, rather than only in the same Google account's Drive.
What if you’ve already opened a phishing link or attachment?
You might feel tempted to pretend as though nothing happened and hope no one notices. But don’t do that.
“That is often the first reaction, and it is not ideal,” said Ryan Kalember, chief strategy officer at security firm Proofpoint. “When you fall for something, the attacker still has some window of time where they have to figure out what they’ve just got and whether it’s even worth taking advantage of.”
That gap, which the industry calls dwell time (the period between the initial compromise and its detection), is incredibly valuable for your company's IT team: the sooner it knows, the sooner it can reset your password, revoke active sessions and look for signs the attacker moved further. If you report what happened right away, odds are you're in line with your company's security policies and have little to worry about. Phishing emails are common, and it's tough to expect employees to get it right 100 percent of the time.
But if you brush the incident under the rug, it could come back to haunt you. When ransomware attackers use phishing to get into company networks, they do so through a compromised employee account, and everything they do next appears to come from that employee. By reporting your encounter with a phishing email to your IT team, you distance yourself from any subsequent malicious activity coming from your account.