300 Strikes: Fort Worth's Battle Against the Medusa Gang

 


In the wake of a cyberattack on Tarrant County Appraisal District in March, the Medusa ransomware gang has claimed responsibility for the hack and has threatened to leak 218 GB of the stolen data unless a ransom of $100,000 is paid within six days.

In a recent update, the Tarrant County Appraisal District said that approximately 300 individuals' personal information was stolen. As of this original report (April 9th), the county organization was still about four days away from the publication of the data allegedly stolen in the attack, which the gang warned of on April 6th.

TAD appeared on the Medusa leak blog on April 6th. Any suspicious activity should be reported to the authorities as soon as possible, and affected individuals will be contacted to ensure that their personal information remains safe. Although the county has not yet said whether the ransom will be paid, it is understood that the attack has been reported to the FBI, and plans are underway to restore operations.

In addition to the Tarrant County incident, the Medusa gang recently attacked an Illinois county on the border with Iowa. The group began to work its way onto the scene in 2023. It soon accumulated a large number of victims, including a company in Italy that supplies drinking water to close to half a million people, a large school district in Minnesota, the French village of Sartrouville, the state-owned telecommunications company of Tonga, and most recently, the government organization in charge of the Philippines' universal healthcare program.

Medusa made headlines in the fall of last year when it attacked Toyota and a technology company created by two of the biggest banks in Canada. The gang first appeared on the scene in late 2022 and has been consistently active ever since. In January, it attempted to extort Water for People, a nonprofit that works to improve water access for all.

As recently as December 2017, Medusa targeted three separate school districts within less than a week and compromised the personal information of thousands of students and teachers across the three districts. It was reported in December of that year that the group had also published files from all three school districts on its leak blog.

Two other school districts in Pennsylvania appeared to have been hit at that time, while Minneapolis Public Schools had been hit earlier in the year. Moreover, in November, the threat actors attacked Toyota Financial Services and took down systems in the region, forcing Toyota to take some systems offline for days. The threat actors also attacked Moneris, a Canadian fintech company that processes payments for Starbucks and IKEA.

Medusa is regarded as operating under a ransomware-as-a-service (RaaS) model, whereby the group sells its trademark ransomware variant to other ‘criminal affiliates’ for a cut of the profits generated from sales of that variant. TAD did not disclose how much data the ransomware group took or precisely what information had been compromised.

However, Medusa has now threatened to leak the supposed stolen information unless a $100,000 ransom is paid to them. The gang has posted a sample cache of around 40 documents said to have been exfiltrated during the recent attack by the group. According to Cybernews, the purported samples are a collection of financial documents, commercial and residential property databases, property owners' information, records of properties, judgments obtained by the courts, details about board members, tax information, records of employees, and the like. 

The recent ransomware attack that hit the Tarrant County Appraisal District in Tarrant County, Texas, has highlighted the critical need for organizations to adopt a proactive approach to cyber defence and to treat it as a continuous process rather than a reactive one. The Medusa cybercrime gang has a well-known history of international cyberattacks, he said.

There has been an increasing realization by the intelligence community that traditional, reactive measures are no longer effective when faced with adversaries like Medusa, which are using advanced tactics. According to him, empowering ourselves to navigate the evolving digital landscape requires more than just technological upgrades; it requires us to change the way we perceive and prepare for cyber threats, move from a reactive posture to a proactive, anticipatory position, and adopt proactive measures that get us ahead of the game. 

There are 73 jurisdictions in the county served by the Tax Assessment Division, which is the division of local property tax assessments. It has been estimated that there are approximately 2.1 million inhabitants in Tarrant County, with the government offices situated in the city of Fort Worth, one of the largest cities in the state. 

There is no state or local government in Texas that levies or collects taxes from its residents because it is one of the few states where taxes are not imposed. The government delegated that responsibility to city and county governments, so TAD has an extremely important role to play there. The Tax Assessor's Department, or TAD, is a government agency responsible for property appraisal and the determination of eligibility for property tax exemptions for homeowners, the elderly, disabled adults, disabled veterans, and nonprofit and charitable organizations.

The latter are not necessarily charitable. A ransomware gang could be easily convinced to take advantage of the amount of sensitive personal information stored and processed within TAD's network if it were to think it had a chance to profit from those stolen files. It is also worth noting that even though TAD claims that only a small amount of individual data was exposed in the attack, it is oftentimes not known in the immediate aftermath of such a breach what the true effects of the breach will be. Tarrant Appraisal District was recently found to have suffered a breach of its data, which is not the first time this has happened.