Medusa Ransomware Strikes Wichita County Mounted Patrol

Incident Date:

June 2, 2024

World map



Medusa Ransomware Strikes Wichita County Mounted Patrol


Wichita County Mounted Patrol




Wichita Falls, USA

Texas, USA

First Reported

June 2, 2024

Ransomware Attack on Wichita County Mounted Patrol

Victim Overview

Based in Wichita Falls, Texas, Wichita County Mounted Patrol is a volunteer organization operating in the Public Safety industry. Employing 11-20 staff members and generating annual revenue in the range of $10M-$25M, the company is renowned for hosting the annual Wichita County Mounted Patrol Championship Rodeo and supporting local charities such as the Children's Miracle Network.

Attack Overview

Targeted by the Medusa ransomware group, Wichita County Mounted Patrol experienced a data breach that compromised sensitive law enforcement information. Occurring between May 3-4, the attack involved the theft of files containing names, Social Security numbers, driver’s license numbers, and payment card information. The hackers exploited a recently disclosed security vulnerability to gain unauthorized access to the organization's network.

Ransomware Group Profile

Medusa, a ransomware group operating as a Ransomware-as-a-Service (RaaS) platform, is notorious for its aggressive tactics. This group has targeted various sectors globally, including education, healthcare, and government industries. Medusa's ransomware is specifically designed to disable applications and services, encrypt critical data, and demand significant ransoms for decryption keys.

Company Vulnerabilities

Potential security gaps in Wichita County Mounted Patrol's network infrastructure and systems make it vulnerable to ransomware attacks. The organization's involvement in law enforcement activities and the storage of sensitive information make it an attractive target for threat actors like the Medusa ransomware group. Additionally, a lack of robust cybersecurity measures and timely patching of security vulnerabilities could have facilitated the attack on the company.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.