The MEDUSA ransomware group has reared its ugly head again and this time it has claimed to have targeted three new victims: GEMCO Constructors, Dynamo Electric and Farnell Packaging. The ransomware group’s dark web portal highlighted these additions, adding to their growing list of victims. Like many of its earlier attacks, the group has not disclosed crucial details, such as the type of compromised data. It has, however, demanded a bounty of US $900,000 from GEMCO and $100,000 each from Dynamo and Farnell Packaging to stop leaking its internal data.

MEDUSA Ransomware Attack: The Latest Victims

GEMCO Constructors is headquartered in Indianapolis, Indiana, USA. The ransomware actors have claimed to have access to 1.0 TB of the organization's data and has threatened to publish it within 6-7 days. The second company that the group has claimed to have targeted is Dynamo, which is based in Saskatchewan, Canada. Data of the company, which specializes in electrical and electronic manufacturing, has allegedly been compromised. MEDUSA has claimed to have exfiltrated 149.6 GB of the organization's data and plans to publish it within 6-7 days. Farnell Packaging, a Canadian company in the packaging and container industry, has also allegedly been attacked. The attackers claimed to have accessed 193.9 GB of the organization's data and warned the data would be published within 8–9 days. Despite the gigantic claims made by the ransomware group, the official websites of the targeted companies seem to be fully operational, with no signs of foul play. The organizations, however, have not yet responded to the alleged cyberattack, leaving the claims made by the ransomware group unverified.  The article would be updated once the respective organizations respond to the claims. The absence of confirmation raises the question of the authenticity of the ransomware claim. It remains to be seen whether it is a tactic employed by MEDUSA to garner attention or if there are ulterior motives attached to their actions. Only an official statement by the affected companies can shed light on the true nature of the situation. However, if the claims made by the MEDUSA ransomware group do turn out to be true, then the consequences could be far-reaching. The potential leak of sensitive data could pose a significant threat to the affected organizations and their employees.

Background of MEDUSA Ransomware Group

MEDUSA first burst onto the scene in June 2021 and has since targeted organizations in various countries across multiple industries, including healthcare, education, manufacturing, and retail. Most of the companies, though, have been established in the United States of America. MEDUSA functions as a Ransomware-as-a-Service (RaaS) platform. It provides would-be attackers with malicious software and infrastructure required to carry out disruptive ransomware attacks. The ransomware group also has a public Telegram channel that threat actors use to post data that might be stolen, which could be an attempt to extort organizations and demand payment.

Previous Ransomware Attacks

Less than three weeks ago, MEDUSA ransomware group claimed a cyberattack on Comwave, a Canadian communications giant renowned for providing internet, network security solutions, and customer support services.  In January 2024, a prominent non-profit organization, Water For People, was targeted by the group. The organization faced the pressure of a deadline to comply with the demands of the ransomware group. MEDUSA also targeted four organizations across different countries, including France, Italy, and Spain. The group’s modus operandi remains uniform, with announcements being made on their dark web forum accompanied by deadlines and ransom demands. As organizations deal with the fallout of cyberattacks by groups like MEDUSA, it becomes crucial to remain vigilant and implement stringent security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Last week on Malwarebytes Labs:

• Law enforcement reels in phishing-as-a-service whopper
• Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
• Cannabis investment scam JuicyFields ends in 9 arrests
• Should you share your location with your partner?
• Giant Tiger breach sees 2.8 million records leaked

Last week on ThreatDown:

• What makes some zero-day vulnerabilities more valuable than others?
• Turning back the clock on encryption: How to perform ransomware backups in one-click
• ThreatDown earns highest ratings across EDR and MDR categories in G2 Spring 2024 results
• K-12 district hit with $500k Medusa ransomware attack
• FakeBat campaign continues, now also targeting VMware users

Stay safe!

---

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.