City of St. Helena Hit by Medusa Ransomware Attack

Incident Date:

June 2, 2024

World map



City of St. Helena Hit by Medusa Ransomware Attack


City of St. Helena




St Helena, USA

California, USA

First Reported

June 2, 2024

Ransomware Attack on City of St. Helena

Victim Overview

Located in Napa County, California, the City of St. Helena is a municipal government entity serving a population of approximately 6,070 residents. Operating with a full-service Council-Manager form of government, the city has a total budget of $53.2 million for the fiscal year 2022/23. Known for its wine industry, scenic qualities, and community engagement efforts, St. Helena stands out for its small-town atmosphere and commitment to transparency.

Attack Overview

In May 2024, the ransomware group Medusa claimed responsibility for a cyber attack on the City of St. Helena. This attack forced city officials to shut down computer systems and the city library. Medusa demanded a $200,000 ransom from the city, threatening to leak data if the ransom was not paid.

Ransomware Group: Medusa

Medusa operates as a Ransomware-as-a-Service (RaaS) platform, known for its aggressive tactics. The group has targeted various sectors globally, including education, healthcare, and government. Medusa distinguishes itself by using a double-extortion approach, demanding payment for decryption keys and for not selling or publishing stolen data.

Company Vulnerabilities

As a government entity, the City of St. Helena may be vulnerable to ransomware attacks due to the sensitive nature of the data it holds, including citizen information, financial records, and operational details. Additionally, the city's reliance on digital systems for services and communication makes it a potential target for threat actors like Medusa.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.