City of St. Helena Hit by Medusa Ransomware Attack
Incident Date: June 2, 2024
Overview
Victim: City of St. Helena
Attacker: Medusa
First Reported: June 2, 2024
Ransomware Attack on City of St. Helena
Victim Overview
Located in Napa County, California, the City of St. Helena is a municipal government entity serving a population of approximately 6,070 residents. Operating with a full-service Council-Manager form of government, the city has a total budget of $53.2 million for the fiscal year 2022/23. Known for its wine industry, scenic qualities, and community engagement efforts, St. Helena stands out for its small-town atmosphere and commitment to transparency.
Attack Overview
In May 2024, the ransomware group Medusa claimed responsibility for a cyber attack on the City of St. Helena. This attack forced city officials to shut down computer systems and the city library. Medusa demanded a $200,000 ransom from the city, threatening to leak data if the ransom was not paid.
Ransomware Group: Medusa
Medusa operates as a Ransomware-as-a-Service (RaaS) platform, known for its aggressive tactics. The group has targeted various sectors globally, including education, healthcare, and government. Medusa distinguishes itself by using a double-extortion approach, demanding payment for decryption keys and for not selling or publishing stolen data.
Company Vulnerabilities
As a government entity, the City of St. Helena may be vulnerable to ransomware attacks due to the sensitive nature of the data it holds, including citizen information, financial records, and operational details. Additionally, the city's reliance on digital systems for services and communication makes it a potential target for threat actors like Medusa.