
The massive attack that could put your Gmail and Outlook accounts at risk

A ransomware campaign by the Medusa group is hijacking the data of thousands of users.

20/03/2025

Barcelona. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have issued an urgent alert for users of email services such as Gmail and Outlook. According to the warning, a new ransomware campaign by the Medusa group is putting the security of thousands of accounts at risk. This attack uses a double extortion model, encrypting victims' data and threatening to release it if a ransom isn't paid. We in Catalonia could also fall victim to these scams: we'll tell you what to do to avoid them.

Why are Gmail users at risk?

Bruno Pérez Juncà, a forensic computer expert and cybersecurity expert, explains that these scams have reached Catalonia and warns of how Medusa attacks email accounts. First, with phishing emails, which pretend to come from real entities and aim to trick the user into clicking on a malicious link and entering their account credentials. They also take advantage of data leaks: "Medusa collects data and uses automated systems to try to access our accounts," explains Pérez Juncà. Finally, he explains that they use vulnerabilities in the Windows operating system and some programs. "We need to update and verify that they are done correctly," both for the operating system and the applications.

Once inside the system, the Medusa ransomware obtains confidential data, which is then held hostage. The cybersecurity expert explains that they typically encrypt Google Drive, where all the files are stored, and demand money in exchange for decrypting the information. According to The Washington Post, hackers have reportedly demanded between $100,000 and $15 million from users in exchange for not making their files public.

How can you tell if your Gmail account has been compromised?

If an email arrives promising a prize you didn't know you were supposed to receive, it's probably a lie. "How do we detect it? If you didn't request it, don't click. Contact the person requesting your information directly to verify it," warns Pérez Juncà. The important thing is to verify the information and not believe what we receive at first.

If we've already provided our information, we need to take urgent measures, such as activating two-factor authentication.

How do we protect our Gmail account?

  • Activate two-factor authentication

Two-factor authentication adds an additional way to verify our identity when logging into an account, in addition to requiring a password. It's recommended to use this tool for all important accounts, such as Gmail or your banking app, for example. Bruno Pérez Juncà adds that it's key to use an app on our phone and not rely on text messages: "These are measures that should be taken now. If you haven't done so yet, you'll receive them within four days," he warns. Some examples of these apps are Okta Verify, Google Authenticator, or Microsoft Authenticator, available in the Apple Store or Google Play.

  • Download your data

It's also advisable to download data from important accounts so they're still accessible in the event of an attack. For example, in Gmail, you can use Google Takeout. With this tool, we can choose where to receive downloaded files, what format they should be in, and how often we want to back up our account.

  • Use strong, hard-to-guess passwords

It's not advisable to reuse passwords or to use words that are easy to guess. It's a good idea to use passwords that contain both upper and lower case letters, special characters, and numbers, and that are difficult to steal. Avoid using the same password everywhere, especially on recovery accounts. If one account is compromised, it's very easy for attackers to break into the others if the password is the same.

  • Keep your software up to date and avoid clicking on suspicious links

Keeping your operating system and browser up to date is important when dealing with cyberattacks. You should also be very careful where you click: if you're not sure whether a link is malicious, it's best not to risk it, and to check by other means if you think you've been exposed to a cyberattack.

What is the Medusa ransomware?

When we talk about ransomware, we are talking about a hacking attack that seeks to hijack files, encrypt them, and demand a ransom to release them. This type of digital attack has affected critical sectors in recent years: an example would be the cyberattack suffered by the Hospital Clínic two years ago, in which the RansomHouse group also leaked patient data when the ransom demanded was not paid.

In the case of Medusa, we are talking about a very sophisticated group that has been carrying out ransomware attacks against organizations since at least early 2023. Although it operates primarily in the United States, it has affected users around the world, and its modus operandi is based on freezing data and files until the owner pays the ransom.
