Ransomware Group: MEDUSA

VICTIM NAME: Florarte

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 17, 2025, Florarte, a Brazil-based company in the Consumer Services sector that imports and distributes artificial plants and decorative products, is identified as the victim in a ransomware leak post. The page attributes the intrusion to the Medusa group and describes Florarte as having operated since 1992, with a nationwide presence, a catalog of more than 14,000 products, and a robust logistics operation. The address details in the public content are redacted. The leak page claims that 184.8 GB of Florarte’s data were leaked, indicating a data-leak scenario rather than a pure encryption event. A claim URL is indicated as present, though the exact link is not shown in this summary. Since no explicit compromise date is provided beyond the post date, the posted timestamp is treated as the publication date: August 17, 2025 at 11:10:10.

The page contains no visible images or screenshots (there are zero images) and presents no downloadable files or external links in the provided data. The text includes a CAPTCHA-style barrier: “Human verification required. We need to ensure you’re a real person. Please solve the captcha below to continue.” This gating suggests access to additional content is restricted. While the description reiterates Florarte’s business background, the exact street address is redacted; the content identifies the country as Brazil. A claim URL is noted as present, but the corresponding link is not displayed in this summary.

From a threat intelligence perspective, the leak page indicates a data-leak event involving 184.8 GB of Florarte data attributed to the Medusa group. No ransom amount or demand is disclosed in the available data. The absence of publicly visible artifacts such as images or downloadable files limits the immediate intel you can extract beyond the data volume and the CAPTCHA gate. This incident highlights the ongoing exposure of mid-sized consumer services firms in Brazil to ransomware pressures, and it warrants ongoing monitoring for any future disclosures or public data releases by Medusa related to Florarte.