Medusa Ransomware Hits American Golf Corp: 155GB Data Stolen

Incident Date: July 23, 2024

Overview

Victim: American Golf

Attacker: Medusa

Location: Warrington, United Kingdom

First Reported: July 23, 2024

Medusa Ransomware Group Targets American Golf Corporation

Overview of American Golf Corporation

American Golf Corporation, based in El Segundo, California, is a leading entity in the golf industry, specializing in the management, operation, and leasing of golf courses and country clubs across the United States. With over 50 years of experience, the company has managed more than 325 golf courses and currently oversees over 40 facilities nationwide. The company employs approximately 4,000 individuals and generates an estimated annual revenue of $746 million. American Golf is known for its comprehensive services, including tee time reservations, event planning, and operational expertise in retail, food and beverage services, agronomy, and guest services.

Details of the Ransomware Attack

In July 2024, American Golf Corporation fell victim to a ransomware attack orchestrated by the Medusa ransomware-as-a-service group. The attackers claimed to have exfiltrated approximately 155 GB of sensitive data, including members' data, user IDs and passwords, secret keys, email correspondence, licenses and passports, and financial details and reports. Medusa demanded a ransom of $2 million, with a deadline of July 20, 2024, threatening to increase the ransom by $100,000 for each day the payment was delayed. The attack was disclosed on July 12, 2024, but American Golf Corporation had not confirmed the cyberattack or data breach at the time of the reports.

About the Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022 and operates as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks targeting multiple sectors globally, including education, healthcare, and government services. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts. The group often releases stolen data publicly if ransoms are not paid, further pressuring victims to comply.

Potential Vulnerabilities and Impact

American Golf Corporation's extensive operations and significant market presence make it a lucrative target for ransomware groups like Medusa. The company's reliance on digital systems for managing reservations, event planning, and operational services could have been exploited by the attackers. If the data breach is confirmed, American Golf Corporation may face significant repercussions, including the need to send data breach notification letters to affected individuals and potential financial and reputational damage.
