Two New Victims Claimed by MEDUSA Cyber Attack

In a recent development, two major corporations, one Italian and one Canadian, have fallen victim to the MEDUSA cyber attack. The notorious MEDUSA ransomware group has claimed responsibility for targeting Landstar Power Ontario Inc. and Acoustic Center and has added them to their dark web portal, intensifying the threat for the affected companies. The cybercriminals have posted countdowns on their portal, indicating that the stolen data will be published if their demands are not met within a specified timeframe.

The first targeted company, Acoustic Center, is an esteemed Italian regional company that has been operating since 1958. They specialize in the distribution of hearing systems and the provision of hearing aids and related services. The MEDUSA ransomware group has demanded a hefty ransom for the release of Acoustic Center’s data, threatening to delete it if their demands are not met within a given time period. The deadline given is 1 day, with a ransom amount of $10,000. If the deadline is missed, the ransom increases to $100,000. The attack occurred on September 25, 2023, at 11:12:15 PM.

The second victim of the MEDUSA cyber attack is Landstar Power Ontario Inc., a Canadian enterprise that specializes in the purchase of used batteries and assorted scrap metal for resale. The ransomware group has issued a similar demand for a substantial ransom in exchange for the safe release of their data. The deadline and ransom amount are identical to those given for Acoustic Center. The attack on Landstar Power Ontario Inc. took place on September 26, 2023, at 11:14:54 PM.

The Cyber Express, a trusted source for cybersecurity news, has attempted to verify the situation by reaching out to Acoustic Center. However, no official statement or response has been received at the time of writing, leaving the claims of the MEDUSA ransomware attack unverified. Furthermore, efforts to contact Landstar Power Ontario Inc. have also been in vain as the company does not appear to have an official website or contact page.

The MEDUSA ransomware group has gained notoriety for its aggressive tactics and widespread impact. Operating through the Ransomware-as-a-Service (RaaS) model, the group collaborates with global affiliates, expanding its reach and enhancing its capabilities. Its attacks take a multifaceted approach, encrypting files and marking them with various extensions, including the distinctive “.MEDUSA” extension, which has become a hallmark of the group.

One of their notable targets earlier this year was the Minneapolis Public School (MPS) District. Initially, the district refused to pay the $1 million ransom and claimed to have successfully restored its encrypted systems from backups. However, the MEDUSA ransomware group went a step further and exfiltrated a copy of the data, ultimately publishing it on the internet and promoting it through a Telegram channel.

Cybersecurity experts have been closely monitoring the activities of the MEDUSA ransomware group since its emergence in June 2021. The group has proven to be a formidable threat, causing significant disruptions and financial losses for their victims. It is essential for organizations to prioritize cybersecurity measures and implement robust protection strategies to mitigate the risk of falling victim to cyber attacks.

Disclaimer: This article is based on internal and external research obtained through various sources. The information provided is for reference purposes only, and readers are solely responsible for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
