Recently, the Medusa ransomware group demanded $1,000,000 worth of ransom from the Minneapolis Public Schools (MPS) to delete the alleged stolen data during the ransomware campaign. This ransomware group launched a few years ago but only became active this year.
Researchers explained that this group used a different MedusaLocker ransomware and increased their malicious operations in 2023.
Earlier this week, the Medusa ransomware operators included MPS as one of their victims on its data leak site. The group threatened to publish all the stolen data from the public school by March 17 if MPS did not provide the ransom.
The group offered the school a 1-day extension to the data publication limit of $50,000. However, the group also accepts $1 million from interested buyers. This extortion strategy is unusual since the group made a video showing all the stolen information from MPS.
A researcher spotted and posted the video on a social media platform, revealing the proof.
The Minneapolis Public School refused to provide the demands requested by Medusa ransomware.
The Minneapolis Public School addressed the Medusa ransomware attack by classifying it as an encryption event that disrupted their systems last month. However, the academic institution insisted they had no plans to pay the threat actors and opted to retrieve the stolen data using internal backups.
Furthermore, an MPS representative stated that their independent investigation had not discovered unauthorised access and evidence of stolen data. The MPS system outage notice also revealed that the education organisation had not paid a ransom, and they have yet to spot any maliciously used data from their systems.
Unfortunately, the Medusa ransomware group has started to leak sensitive critical data from MPS since the ransomware attack occurred more than a week ago. Hence, MPS could soon provide an update regarding the potentially stolen data since the threat actors have already made their move.
MPS has warned its teachers, students, and staff regarding the issue since it could cause phishing attacks and scamming attempts from individuals who got a hold of the leaked data.
