
In the latest ransomware faux pas, the Medusa cybercriminal gang posted a new victim on its dark leak blog on Wednesday – the City of Aurora, Colorado – but it seems the group was MIA during geography class as the posted samples are for a different City of Aurora – in Nebraska.
It’s good news for city officials in Aurora, Colorado, but unfortunate for the City of Aurora in Nebraska, which has a population of only 4,704 residents, according to 2023 figures from the US Census Bureau.
By comparison, Aurora, Colorado has a population of over 395,052, making it the third largest city in the Centennial State. That would be not a bad get for the suspected Russian-affiliated gang, but it is not applicable here.
Medusa is claiming to have stolen server files from the midwestern state's ultra small municipality, but has not explicitly said how much data it has allegedly taken.
Sample files Cybernews was able to look at appear to contain 2024 bank statements, city budget info, contracts and invoices, housing department documents, and the personal information, including names, addresses, phone numbers, and emails of what appears to be a list of residents or employees of the city.
You can see below where the discrepancy lies in what was posted online by the ransomware group and one of the samples it provided.

The gang is giving Aurora officials an eight-day countdown clock to pay a ransom of $230,000 for Medusa to delete the data, or presumably return it intact to the city.
Medusa says it will charge the city an extra $10,000 per day if they are not paid by the deadline.
Cybernews has reached out to the City of Aurora (in Nebraska) and is waiting for comment.

Who is Medusa?
The Medusa ransomware gang came on the scene in late 2022 and has been consistently active ever since.
According to Ransomlooker, a Cybernews ransomware monitoring tool, Medusa’s victim count is up to 187 victims, making it one of the top five most active gangs in the first half of 2024.

Known for its attacks on the education and municipal sectors, Medusa is believed to operate under a ransomware-as-a-service (RaaS) model, selling the use of its signature ransomware variant to other "criminal affiliates" in exchange for a cut of the profits.
The gang attacked a major Ft. Worth, Texas county agency last spring, successfully knocking out some of the agency’s systems and rendering much of its data inaccessible for days.
In December 2023, Medusa laid claim to three separate school districts in less than a week, compromising the personal information of thousands of students and teachers.
Two other school districts in Pennsylvania were hit that November, while Minneapolis Public Schools was hit earlier in 2023, along with a $1 million ransom demand.
The threat actors have also hit Toyota’s Financial Services, affecting operations in Europe and Africa, forcing the company to take some systems offline for days, as well as Moneris, a Canadian payment processing fintech used by Starbucks and IKEA.