Medusa Ransomware Hits American Golf Corp: 155GB Data Stolen
Medusa Ransomware Group Targets American Golf Corporation
Overview of American Golf Corporation
American Golf Corporation, based in El Segundo, California, is a leading entity in the golf industry, specializing in the management, operation, and leasing of golf courses and country clubs across the United States. With over 50 years of experience, the company has managed more than 325 golf courses and currently oversees over 40 facilities nationwide. The company employs approximately 4,000 individuals and generates an estimated annual revenue of $746 million. American Golf is known for its comprehensive services, including tee time reservations, event planning, and operational expertise in retail, food and beverage services, agronomy, and guest services.
Details of the Ransomware Attack
In July 2024, American Golf Corporation fell victim to a ransomware attack orchestrated by the Medusa ransomware-as-a-service group. The attackers claimed to have exfiltrated approximately 155 GB of sensitive data, including members' data, user IDs and passwords, secret keys, email correspondence, licenses and passports, and financial details and reports. Medusa demanded a ransom of $2 million, with a deadline of July 20, 2024, threatening to increase the ransom by $100,000 for each day the payment was delayed. The attack was disclosed on July 12, 2024, but American Golf Corporation had not confirmed the cyberattack or data breach at the time of the reports.
About the Medusa Ransomware Group
Medusa is a ransomware group that emerged in late 2022 and operates as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks targeting multiple sectors globally, including education, healthcare, and government services. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts. The group often releases stolen data publicly if ransoms are not paid, further pressuring victims to comply.
Potential Vulnerabilities and Impact
American Golf Corporation's extensive operations and significant market presence make it a lucrative target for ransomware groups like Medusa. The company's reliance on digital systems for managing reservations, event planning, and operational services could have been exploited by the attackers. If the data breach is confirmed, American Golf Corporation may face significant repercussions, including the need to send data breach notification letters to affected individuals and potential financial and reputational damage.