Medusa Ransomware Hits Camp Susque: 49GB Data Breach Threat

Incident Date: August 1, 2024

Overview

Title: Medusa Ransomware Hits Camp Susque: 49GB Data Breach Threat

Victim: Camp Susque

Attacker: Medusa

Location: Trout Run, Pennsylvania, USA

First Reported: August 1, 2024

Medusa Ransomware Group Targets Camp Susque

Camp Susque, a non-denominational Christian camp located in Pennsylvania, has recently fallen victim to a ransomware attack orchestrated by the Medusa ransomware group. The attackers claim to have accessed 48.9 GB of the camp's organizational data and have threatened to publish it within 10 to 11 days. This incident has raised significant concerns about the camp's data security and operational integrity.

About Camp Susque

Established in 1946, Camp Susque is a non-profit organization that offers a variety of programs designed to foster personal growth, community building, and spiritual development among youth and families. The camp provides summer youth camps, wilderness trips, family camps, educational programs, and special events. Accredited by the American Camp Association (ACA), Camp Susque prioritizes the safety and well-being of its participants through rigorous standards and well-trained counselors.

Attack Overview

The Medusa ransomware group has claimed responsibility for the attack on Camp Susque, asserting that they have exfiltrated nearly 49 GB of sensitive data. To substantiate their claims, the group has posted sample screenshots on their dark web portal. The camp now faces the daunting task of addressing this significant data breach and mitigating potential fallout.

Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022 and operates as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks across multiple sectors, including education, healthcare, and government services. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts.

Potential Vulnerabilities

Camp Susque's relatively small size and non-profit status may have made it an attractive target for the Medusa ransomware group. Non-profit organizations often have limited resources for cybersecurity measures, making them more vulnerable to sophisticated attacks. The camp's reliance on donations, grants, and program fees further complicates its ability to invest in cybersecurity infrastructure.

Penetration Methods

While the exact method of penetration in this case is not publicly known, Medusa typically gains access to target systems through phishing attacks, exploitation of unpatched vulnerabilities, and weak or compromised credentials. Once inside, the ransomware encrypts critical data and demands substantial ransoms for decryption keys.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful in both financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.