Medusa Ransomware Group Strikes Women's Sports Foundation, Data Breach Exposed

Incident Date:

June 6, 2024

World map

Overview

Title

Medusa Ransomware Group Strikes Women's Sports Foundation, Data Breach Exposed

Victim

The Women's Sports Foundation

Attacker

Medusa

Location

New York, USA

New York, USA

First Reported

June 6, 2024

Medusa Ransomware Group Targets The Women's Sports Foundation

Overview of The Women's Sports Foundation

Established in 1974 by tennis legend Billie Jean King, The Women's Sports Foundation (WSF) is a non-profit organization dedicated to advancing the lives of women and girls through sports and physical activity. Headquartered in East Meadow, New York, the foundation employs 105 individuals and has grown to a $1 million endowment with an operating budget of $1 million. The WSF is renowned for its advocacy, research, community programs, and funding initiatives aimed at promoting gender equity in sports.

Details of the Ransomware Attack

Recently, the Medusa ransomware group claimed responsibility for compromising The Women's Sports Foundation. The attack resulted in the exfiltration and subsequent leak of 36.5 GB of sensitive data. This breach underscores the vulnerabilities faced by non-profit organizations, particularly those involved in advocacy and community services, which may lack the robust cybersecurity measures of larger corporations.

About Medusa Ransomware Group

Emerging in late 2022, Medusa is a ransomware group that operates as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in numerous high-profile attacks across various sectors, including education, healthcare, and government services. Medusa's ransomware is designed to disable applications and services, making detection and mitigation challenging. The group is known for demanding substantial ransoms and publicly releasing stolen data if their demands are not met.

Potential Vulnerabilities and Penetration Methods

Non-profit organizations like The Women's Sports Foundation are often targeted due to their limited cybersecurity resources. Medusa likely exploited vulnerabilities in the foundation's network, possibly through phishing attacks or exploiting unpatched software. The group's sophisticated tactics, including disabling shadow copies to prevent data recovery, highlight the need for enhanced cybersecurity measures even for non-profits.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.