Queensland civil infrastructure firm struck by Medusa ransomware attack

Ransomware operator Medusa has posted the details of one terabyte of data it successfully exfiltrated from the Gold Coast-based CB Group.

The data breach was announced by Medusa on its darknet leak site on 14 August, and it is promising to publish the data on 24 August. The group is demanding $100,000 to delete the data entirely.

Medusa is also offering to extend the ransom deadline, though that will cost $10,000 for each day. The data can also be downloaded now, for the same cost as the actual ransom. This is no doubt meant to put even more pressure on the victim, as every day the data is online, it could be bought by anyone with the cash.

The ransomware gang has also posted 27 sample files out of the full selection, as well as the directory structure of the stolen data. Included by way of example are photos of staff driver’s licences, invoices, a detailed company organisational chart, and confidential deeds and contracts.

The CB Group is a family business dealing in plant hire and construction. It currently employs 130 people and operates “150 major items of plant and equipment”. It also works with a wide range of contractors and suppliers.

“By using our own people, plant and equipment, we demonstrate a higher rate of success with regards to safety, quality and delivery across all aspects of our business,” the company said on its website. “We have a track record of building long-term relationships with clients across the private and public sectors, and our repeat and ongoing work for numerous clients is a continual testament to this.”

The Medusa ransomware group has struck a number of targets in the Asia-Pacific region recently. In May, it targeted the Crown Princess Mary Cancer Centre at Westmead Hospital, and in February, it was reported that Medusa was behind the ransomware attack on the Tonga Communications Corporation.

Cyber Security Connect has reached out to the CB Group for comment.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.