A cyber attack on an Australian organic and health product supplier has resulted in business and personal data being leaked.
Kadac Australia, a Victoria-based company, discovered it had been the victim of a ransomware attack on 12 February 2024.
On the same day, the Medusa ransomware gang listed Kadac on its leak site, setting a 10-day deadline for the company to pay a $100,000 ransom to prevent its data from being leaked. That is a small sum compared to previous Medusa ransoms, which have exceeded US$1 million.
Exfiltrated data includes customer details such as first names, last names and email addresses, email correspondence with brands and suppliers, financial data, marketing data, certificates and other confidential business data.
#CyberAttack Alert 🚨
🇦🇺 #Australia: Kadac Australia allegedly compromised by Medusa #ransomware group.
Kadac Australia (https://t.co/fcbb5Ik86j) has been added to the Medusa ransomware group's data leak site.
Financial data, email correspondence, certificates, customer… pic.twitter.com/K2jk9ZhlC5
— HackManac (@H4ckManac) February 12, 2024
Cyber Daily reached out to Kadac Australia for comment on the issue but has yet to receive word from the company.
The Medusa ransomware gang first appeared in June 2021, with some reports saying it was observed in 2019. The threat actor operates a ransomware-as-a-service (RaaS) operation called MedusaLocker.
The group’s attack strategy involves using phishing campaigns and exploiting vulnerable Remote Desktop Protocol (RDP) services to gain system access before employing PowerShell for command execution.
It then deletes shadow copy backups to prevent the victim from restoring data.
Medusa has a history of attacking Australian organisations, only last year claiming an attack on an NSW cancer treatment centre.
The Crown Princess Mary Cancer Centre, which is part of Westmead Hospital, was targeted midway through last year, with the alleged ransomware attack being discovered on 4 May 2023.
Despite Medusa threatening to release stolen data, NSW Health investigations indicated that databases were not accessed.
“NSW Health continues to investigate this issue, which does not appear to have impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases,” said an NSW Health spokesperson.
“The safety and security of all NSW Health systems remains of highest importance and is continually monitored and safeguarded.”
The Kadac Australia incident is a developing story. Cyber Daily will provide updates as new information becomes known.