Medusa Ransomware Claims UK-based Defense Solutions Provider Chemring Group as Victim
9 May 2024 at 05:35
The Medusa ransomware group has demanded $3.5 million from the Chemring Group on their leak site, along with a looming threat to leak 186.78 GB of sensitive documents claimed to have been obtained from the Chemring Group data breach.
The group set the negotiation deadline as May 16, 2024, giving the victim about 9 days to meet its demands, while also offering additional options at varying prices, such as extending the negotiation period or removing or downloading the data allegedly stolen during the attack.
The Chemring Group is a multi-national UK-based business that provides a range of technology solutions and services to the aerospace, defence and security markets around the world.
The Chemring Group data breach post was shared on the threat actor's data leak site along with 3 American organizations listed as victims. However, the authenticity of these claims is yet to be verified.
While the Chemring Group refutes any major compromise, they have confirmed an ongoing investigation into the alleged data breach.
Medusa Hackers Demand $3.5 Million Following Chemring Group Data Breach
On the leak site, the ransomware group demanded a ransom of 3.5 million USD with a negotiation deadline of 16th May 2024. The group allegedly exfiltrated 186.78 GB of confidential documents, databases, and SolidWorks design files. However, no sample data had been shared, making it harder to verify the group's claims. Additionally, the leak site gave the victim the options to add an additional day for ransom negotiations for 1 million, to delete all the data for 3.5 million, or to download/delete the exfiltrated data for 3.5 million.
Source: X.com / @H4ckManac
The Chemring Group PLC listing was accompanied by listings for three other alleged victim organizations: One Toyota of Oakland, Merritt Properties and Autobell Car Wash. When The Cyber Express team reached out for additional details, a Chemring Group spokesman made the following statement about the alleged ransomware attack:
Chemring has been made aware of a post that has appeared on X (formerly Twitter) alleging that the Group has been subject to a ransomware attack. An investigation has been launched, however there is currently nothing to indicate any compromise of the Group's IT systems, nor have we received any communication from a threat actor suggesting that we have been breached. We confirm that all Chemring businesses are operating normally. Our preliminary investigations lead us to believe that this attack was on a business previously owned by Chemring but where there is no ongoing relationship or connection into our IT systems. As this is subject to an ongoing criminal investigation we cannot comment further at this stage.