Medusa Ransomware Hits Royal Brighton Yacht Club: Data Stolen

Incident Date: July 23, 2024

Overview

Victim: Royal Brighton Yacht Club

Attacker: Medusa

Location: Brighton, Australia

First Reported: July 23, 2024

Medusa Ransomware Attack on Royal Brighton Yacht Club

Victim Profile: Royal Brighton Yacht Club

The Royal Brighton Yacht Club (RBYC), established in 1875, is a premier sailing club located in Brighton, Victoria, Australia. Known for its rich maritime tradition, RBYC offers a variety of sailing programs, including racing, training, and youth programs. The club also provides extensive facilities such as dining areas, social spaces, and health and fitness amenities. With an estimated employee count of 8 to 25 and annual revenue below $5 million, RBYC is a notable entity in Melbourne's hospitality sector.

Attack Overview

The Medusa ransomware group has claimed responsibility for a recent cyberattack on RBYC and has publicized the claim on its dark web leak site. The hackers reportedly stole over 94 gigabytes of data, including personal information of employees and members, financial records, and internal documents. The attack was executed through a compromised third-party remote support tool, leading to the encryption of the club’s systems. Medusa is demanding a ransom of $100,000, with an eight-day deadline for payment.

Details of the Breach

The stolen data includes names, addresses, phone numbers, membership details, employee superannuation, contact information, internal emails, and some login credentials. In response, RBYC has engaged a cybersecurity firm to manage the incident, isolate affected systems, and restore services. The incident has been reported to the Australian Cyber Security Centre (ACSC), and the club is fully cooperating with the investigation. Notifications are being sent to individuals affected by the data breach.

Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022, operating as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks across multiple sectors globally. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts. The group often releases stolen data publicly if ransoms are not paid, further pressuring victims to comply.

Penetration and Impact

The attack on RBYC was facilitated through a compromised third-party remote support tool, highlighting the vulnerabilities associated with third-party services. The breach has led to significant operational disruptions and potential reputational damage for the club. RBYC is focused on protecting data, minimizing disruption, and enhancing its cybersecurity measures to prevent future attacks.
