FBI Warning: Organizations Need to Enable 2FA Now or Risk Ransomware Attacks
The FBI and CISA (Cybersecurity and Infrastructure Security Agency) recently issued a warning, urging businesses, non-profits, schools, and individuals to turn on two-factor authentication (2FA) for their email accounts and VPN services to combat a surge in ransomware attacks. This comes in response to growing ransomware threats, particularly from the Medusa ransomware group, which has been actively targeting critical sectors like healthcare, education, and legal services since 2021.
The Medusa ransomware group operates through a ransomware-as-a-service (RaaS) model. This means they provide their ransomware tools to other cybercriminals, who then launch attacks on Medusa’s behalf. The attackers often gain access to networks through phishing emails or by exploiting unpatched software vulnerabilities. Once inside, they encrypt valuable data and demand a ransom for its release. To further pressure victims, they threaten to leak sensitive data if payments aren’t made.
For businesses, this advisory is a clear reminder that cybersecurity measures can't be an afterthought. Cyberattacks are evolving, becoming more sophisticated and harder to detect. A single compromised email account or VPN login can give attackers the foothold they need to infiltrate an entire network. That’s why implementing 2FA — an extra layer of security requiring a secondary verification step, like a code sent to a phone — has become a non-negotiable safeguard.
However, the risk isn’t limited to businesses alone. Non-profits, churches, and schools are also prime targets for ransomware attacks. These organizations often operate with limited IT resources and may assume they’re less appealing to cybercriminals. In reality, they hold valuable data — donor information, financial records, student data — that attackers can exploit.
Non-profits and churches are especially vulnerable because they rely on public trust. A data breach not only disrupts operations but can also damage their reputation, making it harder to attract donations and support. Schools face similar challenges, with student safety and privacy at stake. Cyberattacks can lock down essential systems, delaying classes and disrupting administrative functions.
For these organizations, the cybersecurity playbook remains the same, but following it is perhaps even more urgent. Enabling 2FA, conducting staff training, enforcing strong password policies, and maintaining offsite backups are essential steps to prevent attacks. Additionally, IT volunteers or outsourced services can help ensure systems are patched and monitored regularly.
Network segmentation, particularly in schools with large systems and public-facing networks, helps limit how far an attacker can move if they breach one part of the network. Churches and non-profits, many of which handle online donations, should also invest in secure payment processing services and monitor for signs of fraudulent activity.
The bottom line? Cyberattacks are not going away — they’re accelerating. Businesses, non-profits, churches, and schools that take proactive steps to strengthen their defenses, like enabling 2FA and implementing comprehensive security strategies, will be far better equipped to withstand ransomware attacks.