Medusa Ransomware Group Hits North Coast Petroleum, Exposes Sensitive Data

Incident Date: June 27, 2024


Overview

Victim: North Coast Petroleum

Attacker: Medusa

Location: Lismore, Australia

First Reported: June 27, 2024

Medusa Ransomware Group Targets North Coast Petroleum

Overview of North Coast Petroleum

North Coast Petroleum (NCP) is a comprehensive fuel and lubricant distribution company based in Lismore, Australia. The company specializes in providing a wide range of petroleum products and services to various sectors, including agriculture, transport, industrial, and retail. NCP's operations encompass the supply of bulk fuels, lubricants, and other related products, ensuring that their clients have access to high-quality energy solutions tailored to their specific needs.

One of the primary services offered by NCP is the distribution of bulk fuels, including diesel, unleaded petrol, and other fuel types. Their logistics network is designed to ensure timely and efficient delivery, minimizing downtime and ensuring that their clients' operations run smoothly. NCP also supplies a variety of lubricants essential for the maintenance and efficient operation of machinery and vehicles. Additionally, NCP operates a network of service stations, providing convenient refueling options for motorists.

NCP stands out for its strong commitment to the local community, particularly in times of crisis. In 2022, the company played a vital role in supporting the Lismore community during devastating floods, providing fuel, care parcels, and essential supplies. This community-focused approach earned NCP the 2023 Marg Taylor Award for Community Spirit at the inaugural Australian Fuel & Convenience Awards.

Details of the Ransomware Attack

On June 24, 2024, North Coast Petroleum fell victim to a ransomware attack by the Medusa ransomware group. Medusa announced the breach on its dark web leak site, claiming to have stolen 71.5 gigabytes of data. The group set a countdown for the data's public release, scheduled for just over eight days later, and demanded a ransom of US$150,000. They also offered the stolen data for sale at the same price.

To substantiate their claims, Medusa posted numerous documents, including invoices, dangerous goods manifests, and personal information such as a passport, driver’s license, and credit card scans. Employee information forms with names, addresses, and phone numbers were also exposed. Additionally, a document titled "creditor payments" revealed the BSB and bank account details of several North Coast Petroleum customers, including notable companies like Schweppes Australia, Soda Stream, Repco, and Frucor Beverages.

About the Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022 and gained notoriety throughout 2023 and into 2024. Operating as a Ransomware-as-a-Service (RaaS) platform, the group allows affiliates to use its ransomware to launch attacks. Medusa is distinct from other groups like MedusaLocker and has been involved in various high-profile attacks targeting multiple sectors globally.

Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation. It also disables shadow copies to thwart recovery efforts. The group's ransomware encrypts critical data and demands substantial ransoms for decryption keys, with recent demands ranging from hundreds of thousands to millions of dollars. Victims of Medusa's attacks have ranged from small organizations to large entities, and the group often releases stolen data publicly if ransoms are not paid.

Potential Vulnerabilities and Penetration Methods

While the specific method of penetration used by Medusa in the North Coast Petroleum attack has not been disclosed, ransomware groups commonly gain initial access through weak or compromised passwords, unpatched software, and phishing attacks. Given NCP's extensive operations and reliance on digital systems for logistics and customer management, any lapses in cybersecurity measures could have provided an entry point for the attackers.

Organizations in the energy, utilities, and waste sector, like NCP, are particularly attractive targets for ransomware groups due to the critical nature of their services. Disruptions in fuel and lubricant supply chains can have far-reaching consequences, increasing the likelihood that victims may pay the ransom to restore operations quickly.
