Medusa Ransomware Attack on Royal Brighton Yacht Club

Victim Profile: Royal Brighton Yacht Club

The Royal Brighton Yacht Club (RBYC), established in 1875, is a premier sailing club located in Brighton, Victoria, Australia. Known for its rich maritime tradition, RBYC offers a variety of sailing programs, including racing, training, and youth programs. The club also provides extensive facilities such as dining areas, social spaces, and health and fitness amenities. With an estimated employee count of 8 to 25 and annual revenue below $5 million, RBYC is a notable entity in Melbourne's hospitality sector.

Attack Overview

The Medusa ransomware group has claimed responsibility for a recent cyberattack on RBYC, which has been publicized on their dark web leak site. The hackers reportedly stole over 94 gigabytes of data, including personal information of employees and members, financial records, and internal documents. The attack was executed through a compromised third-party remote support tool, leading to the encryption of the club’s systems. Medusa is demanding a ransom of $100,000, with an eight-day deadline for payment.

Details of the Breach

The stolen data includes names, addresses, phone numbers, membership details, employee superannuation, contact information, internal emails, and some login credentials. In response, RBYC has engaged a cybersecurity firm to manage the incident, isolate affected systems, and restore services. The incident has been reported to the Australian Cyber Security Centre (ACSC), and the club is fully cooperating with the investigation. Notifications are being sent to individuals affected by the data breach.

Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022, operating as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks across multiple sectors globally. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts. The group often releases stolen data publicly if ransoms are not paid, further pressuring victims to comply.

Penetration and Impact

The attack on RBYC was facilitated through a compromised third-party remote support tool, highlighting the vulnerabilities associated with third-party services. The breach has led to significant operational disruptions and potential reputational damage for the club. RBYC is focused on protecting data, minimizing disruption, and enhancing its cybersecurity measures to prevent future attacks.

Sources

• Royal Brighton Yacht Club
• Dun & Bradstreet
• Fort Worth Report
• HIPAA Journal
• SonicWall