(TNND) — Government officials sounded the alarm over the growing threat of ransomware attacks.

The FBI and U.S. Cybersecurity and Infrastructure Security Agency issued a joint cybersecurity advisory about Medusa ransomware activity that has claimed hundreds of victims from critical infrastructure sectors.

Medical, education, legal, insurance, technology and manufacturing companies have all been victimized, CISA said.

Medusa is a ransomware-as-a-service variant used to conduct attacks, CISA said.

“Ransomware is always of concern,” said Anton Dahbura, the executive director of the Johns Hopkins University Information Security Institute.

"It's one of the most insidious and widespread types of ransomware attacks," he continued. "And this type of ransomware evidently is impacting individuals as well as entire organizations."

Symantec said this month in a blog post that Medusa ransomware activity continues to increase, with attacks jumping 42% between 2023 and 2024 and already up in the first couple of months this year.

CISA said Medusa developers and their affiliates use a double-extortion model. They steal and encrypt your data and then threaten to release it on the dark web if you don’t pay their demands.

Dahbura said the bad guys attack any way they can, with phishing links in email or through vulnerabilities in network infrastructure.

Whether you use Gmail, Outlook or any other email platform, phishing attacks are a risk.

The bad actors send you an infected link that they try to trick you into clicking.

“If you click on the link, bad things are going to happen,” Dahbura said.

Dahbura offered some tips to individuals to protect themselves.

“I think it's the usual list,” he said.

• Think before you click.
• Is it really someone you know?
• Is there a slight abnormality in the email address, link, or text of the email that should arouse suspicion?

Those small clues can be easy to overlook, especially when you're distracted or multitasking, Dahbura warned.

• Back up your data.
• Encrypt your data.
• Use multifactor authentication whenever possible.

And use strong passwords, he said.

CISA listed even more recommendations that are tailored to network administrators.

“Small companies should really pay particular attention,” Dahbura said. “Because those are typically the kinds of organizations that don't have dedicated system administration staff, much less cybersecurity engineering (staff) in-house.”

Dahbura said this warning from the FBI and CISA should serve as an opportunity for small businesses to make sure they have the right resources in place, even if it means contracting with an outside party.

Dahbura said that includes ensuring software is up to date and staff is trained, “All those kinds of things that organizations need to do on a consistent basis to thwart these kinds of attacks and not be victimized.”