CDK Global to Pay Tens of Millions in Ransom to Attackers Disabling US Car Dealerships
Published on June 24, 2024
The Medusa ransomware group claims to have targeted three new victims, listed on its Dark Web portal, but did not mention what type of data was stolen. GEMCO Constructors was asked for $900,000, while the ransom note for Dynamo Electric and Farnell Packaging demanded $100,000.
Headquartered in Indianapolis, Indiana, USA, GEMCO Constructors was compromised and reportedly had 1.0 TB of the organization’s data stolen by the ransomware gang. The cybercriminals also claim to have gained unauthorized access to 150 GB of data belonging to Canadian company Dynamo, which specializes in electrical and electronic manufacturing.
Medusa has claimed to have breached the Canadian Farnell Packaging company, which operates in the packaging and container industry, exfiltrating 194 GB of data. None of these enterprises have yet responded to the alleged cyberattack.
Medusa is a Ransomware-as-a-Service (RaaS) platform that launched in June 2021. The threat actors behind it have since targeted companies around the world in various industries, including manufacturing, healthcare, education, and retail, with most of the companies located in the U.S. The latest known victim of Medusa ransomware is Canadian communications giant Comwave.
In March 2024, Darktrace /NETWORK identified over 80 devices, including an Internet-facing domain controller, showing an emerging ransomware attack. Further investigation revealed it was a Medusa ransomware attack leveraging both system vulnerabilities and initial access brokers that attempted to utilize "living off the land" (LotL) techniques to avoid detection.
Ransomware attacks have not been scarce this year. The latest incidents that made the news were the targeting of U.S. education and recreation sectors, BianLian’s attack on Australia’s Northern Minerals, and the disruption of Seattle Public Library’s activity.