Medusa Ransomware Group Strikes Mercy Drive Inc.

Incident Date: June 6, 2024

Overview

Title: Medusa Ransomware Group Strikes Mercy Drive Inc.
Victim: Mercy Drive Inc
Attacker: Medusa
Location: Queens, USA; New York, USA
First Reported: June 6, 2024

Medusa Ransomware Group Targets Mercy Drive Inc.

Overview of Mercy Drive Inc.

Mercy Drive Inc. is a non-profit organization headquartered in the Bronx, New York, dedicated to empowering individuals and families in underserved communities. The organization provides comprehensive support services, including educational programs, workforce development, and basic needs assistance. With a focus on individuals diagnosed with developmental and intellectual disabilities, Mercy Drive Inc. aims to promote long-term self-sufficiency and community well-being. The organization employs 203 staff members and reported total revenue of $31,005,199 in the fiscal year ending June 2023.

Details of the Ransomware Attack

Recently, the Medusa ransomware group executed a significant attack on Mercy Drive Inc., resulting in the leak of 161.1 GB of data. The attack targeted the organization's corporate office located at 11710 Hillside Ave, Jamaica, New York. The breach has raised concerns about the security of sensitive information related to the individuals and families served by the organization.

About the Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022 and operates as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks across multiple sectors globally, including education, healthcare, and government services. Medusa's ransomware is designed to disable applications and services, making detection and mitigation challenging. The group demands substantial ransoms for decryption keys and often releases stolen data publicly if ransoms are not paid.

Potential Vulnerabilities and Penetration Methods

Given its focus on providing extensive support services to vulnerable populations, Mercy Drive Inc. may have been an attractive target for threat actors. The organization's reliance on digital systems to manage sensitive information could have presented vulnerabilities that Medusa exploited. The ransomware group likely penetrated the company's systems through phishing, exploitation of software vulnerabilities, or weak security protocols.

Impact and Response

The attack on Mercy Drive Inc. underscores the growing threat posed by ransomware groups like Medusa. The breach has significant implications for the organization's operations and the individuals it serves. Enhanced cybersecurity measures and third-party investigations are critical in responding to such incidents and preventing future attacks.
