The Medusa group publishes data stolen from Postel
The dangerous menace of ransomware: the case of the Medusa group and the attack on Postel
The Medusa criminal group attacked the Postel company of Poste Italiane, stealing sensitive employee data and threatening to publish it if a ransom was not paid. Medusa uses ransomware to encrypt files and delete backups, making data recovery difficult. The attack creates concerns about data loss and the reputation of companies.
The Medusa criminal group has recently made headlines after publishing sensitive data belonging to the Postel group, a company controlled by Poste Italiane. This gang, known for its ransomware-type cyber attacks, claimed the theft of Postel employees' tax and personal data on August 15th, threatening to release it if a ransom was not paid. As announced, it has now made valuable information public, including personal documents, passwords, SPID logins, emails and internal company information.
Postel victim of a cyber attack
Postel, a company specializing in the management of documents for businesses and public administrations, was the victim of a cyber attack last August 15th. After identifying suspicious activity on its systems, attributed to an unauthorized external actor, the company experienced operational outages on some servers and workstations across the country. Despite the attackers' offer to pay the requested $500,000 ransom, Postel has received no guarantees and is now facing the release of sensitive employee data.
The Medusa gang and its cyber attacks
The Medusa criminal group has gained notoriety thanks to its cyber attacks on an international scale. In addition to hitting many world-famous companies, this gang has also attacked public schools in the United States, stealing sensitive data and publishing it on its blog hosted on the Tor network. The group's preferred technique is to use ransomware to infect Windows devices, compromising operating system services and processes that could prevent file encryption. Furthermore, Medusa deletes backup files to make data recovery impossible.
The consequences of the Medusa ransomware
Once Medusa encrypts the files, they acquire the .Medusa extension and the criminal group leaves a text note containing information on how to negotiate with them and contact addresses. Additionally, the gang deletes locally stored files associated with backup programs to make data recovery impossible. Victims of the attack can then find this information on the Medusa-designated Tor page. This type of ruthless attack is causing many concerns for companies and public administrations, which are forced to face the risk of loss of sensitive data and serious damage to their reputation.
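The extension change described above is something defenders can watch for in file-activity telemetry. The following is an added example, not part of the original article: it flags hosts where several files gain the .Medusa extension within a short window. The log format, host names, threshold and window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample events (not real telemetry): "timestamp,host,action,path"
SAMPLE_EVENTS = r"""
2024-01-01T02:10:01,ws-01,rename,C:\Users\a\report.docx.MEDUSA
2024-01-01T02:10:04,ws-01,rename,C:\Users\a\budget.xlsx.medusa
2024-01-01T02:10:09,ws-01,create,C:\Users\a\photo.jpg.MEDUSA
2024-01-01T02:10:12,ws-01,delete,C:\Users\a\photo.jpg
2024-01-01T09:00:00,ws-02,create,C:\Users\b\medusa_notes.txt
2024-01-01T09:05:00,ws-02,rename,C:\Users\b\old.MEDUSA
2024-01-01T09:30:00,ws-02,rename,C:\Users\b\older.medusa
"""

EXTENSION = ".medusa"  # extension named in the article, matched case-insensitively


def parse_events(text):
    """Yield (timestamp, host, action, path) tuples from the assumed CSV-like format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, action, path = line.split(",", 3)  # the path may contain commas
        yield datetime.fromisoformat(ts), host, action, path


def detect_bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Map each host to the time it first saw `threshold` marked files within `window`."""
    recent = defaultdict(deque)  # per-host timestamps of matching events
    alerts = {}
    for ts, host, action, path in sorted(parse_events(text)):
        if action not in ("create", "rename"):
            continue
        # Match the final extension only, so "medusa_notes.txt" is not flagged.
        if PureWindowsPath(path).suffix.lower() != EXTENSION:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of {EXTENSION} files at {when.isoformat()}")
```

A single file with the extension is weak evidence on its own; requiring a burst per host reduces false positives from stray or test files.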
08/25/2023 23:42
Editorial AI