
The Medusa group publishes data stolen from Postel

The dangerous menace of ransomware: the case of the Medusa group and the attack on Postel

The Medusa criminal group attacked Postel, a Poste Italiane company, stealing sensitive employee data and threatening to publish it if a ransom was not paid. Medusa uses ransomware to encrypt files and delete backups, making data recovery difficult. The attack raises concerns about data loss and the reputation of companies.


The Medusa criminal group has recently made headlines after publishing sensitive data belonging to the Postel group, a company controlled by Poste Italiane. This gang, known for its ransomware attacks, claimed the theft of Postel employees' tax and personal data on August 15th, threatening to release it if a ransom was not paid. As announced, it has now made valuable information public, including personal documents, passwords, SPID logins, emails and internal company information.

Postel victim of a cyber attack

Postel, a company specializing in the management of documents for businesses and public administrations, was the victim of a cyber attack last August 15th. After identifying suspicious activity on its systems, attributed to an unauthorized external actor, the company experienced operational outages on some servers and workstations across the country. Despite the attackers' offer to pay the requested $500,000 ransom, Postel has received no guarantees and is now facing the release of sensitive employee data.

The Medusa gang and its cyber attacks

The Medusa criminal group has gained notoriety thanks to its cyber attacks on an international scale. In addition to hitting many world-famous companies, this gang has also attacked public schools in the United States, stealing sensitive data and publishing it on its blog hosted on the Tor network. The group's preferred technique is to use ransomware to infect Windows devices, compromising operating system services and processes that could prevent file encryption. Furthermore, Medusa deletes backup files to make data recovery impossible.

The consequences of the Medusa ransomware

Once Medusa encrypts the files, they acquire the .Medusa extension and the criminal group leaves a text note containing information on how to negotiate with them and contact addresses. Additionally, the gang deletes locally stored files associated with backup programs to make data recovery impossible. Victims of the attack can then find this information on the Medusa-designated Tor page. This type of ruthless attack is causing many concerns for companies and public administrations, which are forced to face the risk of loss of sensitive data and serious damage to their reputation.
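The two behaviours described above (files acquiring the .Medusa extension and backup files being deleted) can be triaged from file-activity records, as in the following added example, which is not part of the original article. The event tuple format, the list of backup extensions and the window and threshold values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Assumption: extensions treated as backup files; adjust to the backup tooling in use.
BACKUP_EXTS = {".bak", ".vhd", ".vhdx", ".vbk"}

# Constructed sample events: (epoch_seconds, host, action, path). Not real telemetry.
SAMPLE_EVENTS = [
    (1000, "ws-01", "rename", r"C:\Users\a\report.docx.MEDUSA"),
    (1002, "ws-01", "rename", r"C:\Users\a\budget.xlsx.medusa"),
    (1003, "ws-01", "delete", r"D:\Backups\daily.bak"),
    (1005, "ws-01", "rename", r"C:\Users\a\photo.jpg.MEDUSA"),
    (1010, "ws-02", "rename", r"C:\Temp\notes.txt.MEDUSA"),
    (5000, "ws-02", "rename", r"C:\Temp\old.txt.MEDUSA"),
    (5001, "ws-03", "delete", r"E:\img\server.vhdx"),
]

def triage(events, window=60, threshold=3):
    """Return {host: {"burst": bool, "renamed": int, "backups_deleted": [paths]}}."""
    recent = defaultdict(deque)  # per-host timestamps of recent .medusa renames
    report = defaultdict(lambda: {"burst": False, "renamed": 0, "backups_deleted": []})
    for ts, host, action, path in sorted(events):
        # PureWindowsPath parses Windows paths on any OS; compare case-insensitively.
        ext = PureWindowsPath(path).suffix.lower()
        if action == "rename" and ext == ".medusa":
            q = recent[host]
            q.append(ts)
            while q and ts - q[0] > window:  # drop renames outside the window
                q.popleft()
            report[host]["renamed"] += 1
            if len(q) >= threshold:  # many renames close together: mass encryption
                report[host]["burst"] = True
        elif action == "delete" and ext in BACKUP_EXTS:
            report[host]["backups_deleted"].append(path)
    return dict(report)

def high_priority(report):
    """Hosts showing both behaviours: a rename burst and backup deletion."""
    return sorted(h for h, r in report.items() if r["burst"] and r["backups_deleted"])

if __name__ == "__main__":
    rep = triage(SAMPLE_EVENTS)
    for host in sorted(rep):
        print(host, rep[host])
    print("isolate first:", high_priority(rep))
```

A single renamed file or a single deleted backup is weak evidence on its own; the combination on one host within a short window is what separates encryption in progress from routine activity.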


08/25/2023 23:42

Editorial AI
