Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: Medusa ransomware gang demands US$700k payment from Victoria Racing Club

The Medusa ransomware gang has posted a large amount of VRC data to its darknet leak site, as the VRC boss confirms a “cyber incident”.

user icon David Hollingworth
Sat, 15 Jun 2024
Exclusive: Medusa ransomware gang demands US$700,000 payment from Victoria Racing Club
expand image

The Victorian Racing Club confirmed late on Friday that it was the victim of a “cyber incident,” a day after the Medusa ransomware operation claimed that it was behind the attack.

VRC Chief Executive Officer Steve Rosich said on the evening of June 14 that the club had suffered a cyber incident and was communicating with “employees, members, partners and sponsors to inform them that the VRC recently experienced a cyber incident”.

“As soon as we detected the incident, we took immediate steps to contain the incident and engage leading experts to assist with our response and investigation,” Rosich said in a statement.

============
============

“This ongoing investigation has identified evidence that an unauthorised third party has accessed our system. We are urgently investigating to determine whether there has been unauthorised access to our data.”

Rosich confirmed that the VRC had informed the Australian Cyber Security Centre of the attack, and that the club would be operating as normal.

While the VRC is investigating the data that may have been impacted, the Medusa gang claimed to have more than 100 gigabytes of data belonging to the club. After using the club’s own boilerplate to describe the victim, the gang said “The total amount of data leakage is 128.1 GB”.

According to the Medusa gang’s darknet site, it is demanding a ransom of US$700,000 to delete the data, and a countdown on the site currently lists a ransom deadline of approximately six days as of the time of writing.

Medusa is also offering to extend the deadline for a day for a payment of US$10,000. Additionally, anyone else can buy the data for US$700,000.

To prove the hack, Medusa shared several documents that appear to relate to gaming machines administered by Aristocrat Games and operated at the Headquarters Tavern, which is at Flemington Race Course. The data also includes financial details of gaming machines, prizes won by VRC members, customer invoices, marketing details, names, email addresses, and mobile phone numbers.

At least one of the email addresses belongs to an employee of SA Health, South Australia’s health department.
Much of the data appears to be historical – for instance, the email address of deceased racing identity Bart Cummings is included in sample data. However, some of the data appears to date to as recently as 2023.

The VRC declined to comment on the Medusa gang’s claims. The VRC has more than 30,000 members.

The Medusa gang was last active in Australia in February, when it hacked organic health brand Kadac Australia.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.