Staring Down Medusa: How You Can Survive Evolving Ransomware
Your organization comes to a standstill. Your data is encrypted. Then you receive a message threatening to publicly release exfiltrated data if you don’t pay a ransom.
Now imagine your organization is critical infrastructure — a hospital system, a school district, a government agency, a public transport network. Downed systems mean potentially millions of people can’t receive critical services.
This has been a reality for over 300 organizations in the U.S. alone hit by Medusa ransomware, according to a new report from CISA. And there’s no end in sight.
What we’re seeing with Medusa isn’t just a spike in ransomware. It’s a reflection of a larger evolution in ransomware. And the question every organization should be asking right now is: If an attack like Medusa came for you, could you survive it?
Medusa is a glimpse into the future of ransomware
What makes Medusa particularly insidious is how it operates.
This isn’t smash-and-grab ransomware. It’s slow, methodical, and devastating.
CISA’s report says Medusa typically uses living-off-the-land (LotL) techniques to evade detection. In some cases, the actors have killed and even deleted endpoint detection and response tools in organizations’ networks. In others, they have bypassed or disabled security software.
Even worse, Medusa uses double extortion tactics against its victims. It doesn’t just encrypt data; it steals the data and threatens to leak it. The group uses lateral movement to quietly crawl through networks, finding soft targets and pivoting toward critical assets before unleashing chaos.
Medusa shows why the most important cybersecurity question you can ask today isn’t “How do I stop ransomware from getting in?” It’s “How do I stop it from spreading?”
Ignore ransomware, pay the price
New research from Illumio's Global Cost of Ransomware Study shows just how widespread and damaging these attacks really are:
- A staggering 88% of organizations experienced at least one ransomware incident over the past year.
- 58% had to shut down operations after an attack.
- On average, a quarter of victims' critical systems were affected, with an average of 12 hours of downtime.
- The average ransom demand equated to $1.2 million (USD).
- Ransomware took an average of 132 hours and 17.5 people to contain and remediate.
- Brand damage was the most expensive consequence of a ransomware attack. In fact, it was higher than the cost of lost revenue, downtime, regulatory fines, or legal fees.
These numbers paint a clear picture: ransomware isn’t just an IT issue — it’s a business crisis. Ignoring the threat means gambling with your operations, reputation, and bottom line.
The illusion of preparedness
Ransomware attacks keep crippling businesses. Yet 54% of respondents to the study were confident in their security controls.
Too many organizations believe their current controls are enough. But confidence doesn’t equal readiness.
Half of the organizations in the study admitted they’re not prepared to quickly identify and contain an attack.
It’s not a matter of if you’ll face ransomware. It’s a matter of when.
And the speed at which you can contain it will determine whether it’s a headline — or just another resolved alert in your SOC dashboard.
Prepare for ransomware with Zero Trust
You can’t prevent every attack. No one can.
Phishing emails get opened. Credentials get stolen. AI-generated malware fools even the best-trained employees.
Zero Trust isn’t about stopping every breach — it’s about limiting what an attacker can do after they get in. That’s when containment makes all the difference.
Segmentation is a foundational technology of Zero Trust. It gives you the power to isolate workloads and stop lateral movement in its tracks.
Even if a threat actor compromises one endpoint or server, they hit a wall when they try to move further. That means your most critical systems stay safe. Your brand stays intact. And your business keeps running.
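To make the segmentation idea concrete, here is an added illustration (not Illumio's or the author's code) of a label-based, default-deny policy check: flows are allowed on workload role, not address, and a compromised workstation's reachable set shrinks to exactly what its role needs. The inventory, roles, and port list are constructed for the example.

```python
"""Default-deny microsegmentation policy check (added illustration).

Workloads carry a role label; a flow passes only if an explicit
(source_role, dest_role, port) allow rule matches. Anything else is
denied, so a compromised host hits a wall when it tries to move laterally.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    role: str
    ip: str


# Constructed inventory for a hypothetical environment.
WORKLOADS = {
    "ws-42": Workload("ws-42", "workstation", "10.1.0.42"),
    "web-1": Workload("web-1", "web", "10.2.0.1"),
    "db-1": Workload("db-1", "database", "10.3.0.1"),
    "backup-1": Workload("backup-1", "backup", "10.4.0.1"),
}

# Allowlist written on roles, not IPs: (src_role, dst_role, dst_port).
ALLOW = {
    ("workstation", "web", 443),
    ("web", "database", 5432),
    ("database", "backup", 22),
}

# Ports a lateral-movement attempt would typically probe (constructed set).
PROBE_PORTS = (22, 443, 445, 3389, 5432)


def is_allowed(src: Workload, dst: Workload, port: int) -> bool:
    """Default-deny: no matching allow rule means the flow is dropped."""
    return (src.role, dst.role, port) in ALLOW


def reachable_from(src_name: str, ports=PROBE_PORTS) -> set:
    """Blast radius of one compromised workload under the policy."""
    src = WORKLOADS[src_name]
    return {(dst.name, port)
            for dst in WORKLOADS.values() if dst is not src
            for port in ports if is_allowed(src, dst, port)}


def flat_network_reachable(src_name: str, ports=PROBE_PORTS) -> set:
    """Same question on a flat network with no segmentation, for comparison."""
    return {(dst.name, port) for dst in WORKLOADS.values()
            if dst.name != src_name for port in ports}
```

Comparing `reachable_from("ws-42")` with `flat_network_reachable("ws-42")` shows the difference between one allowed flow and a free run of every host and port.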
It’s no wonder that organizations using segmentation reported better confidence in their ability to stop ransomware from spreading. But here’s the problem: only 27% of organizations in the study have adopted segmentation strategies.
That’s a glaring gap in resilience — and a massive opportunity for organizations ready to take ransomware seriously.
Zero Trust: the baseline for ransomware resilience
If we want to break the ransomware cycle, we need to move beyond prevention-only strategies. We need to build true cyber resilience. That means preparing for attacks, containing them quickly, and continuing to operate even in the face of a breach.
That’s what Zero Trust is all about. Not just stopping threats at the door — but stopping them from being successful everywhere.
It’s time to make lateral movement obsolete. It’s time to protect our critical assets from the inside out. It’s time to turn Zero Trust from a strategy into a standard.
The next Medusa is already out there. Will you be ready?

Trevor Dearing
Director of Critical Infrastructure Solutions