Ransomware Group: MEDUSA

VICTIM NAME: LGB

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

According to the leak page and its metadata, the victim is LGB, a historic automotive components manufacturer. The page describes LGB as founded in 1937 as a transport operator and now positioned as a premier supplier of automotive chains, sprockets, and chain tensioners under the brand name ‘ROLON.’ It notes a substantial manufacturing footprint of 20 chain plants and a workforce of 2,912 employees, with a headquarters in Coimbatore. The metadata lists the country as GB, while the descriptive text references Indian operations and exports to the United States, indicating an international footprint. The post is dated October 3, 2025. The page indicates a claim URL exists, though the actual link is not provided in the data, and the body excerpt shows a CAPTCHA gate (Human verification required) to access content. The leak page contains no screenshots or images and no downloadable files in the provided data.

From the available information, there is no explicit compromise date beyond the post date, and no stated impact such as encryption or a data leak, nor is any ransom amount mentioned. The content centers on a corporate profile rather than technical breach details. The CAPTCHA gate suggests access controls typical of leak sites, and there is a flag indicating a claim URL is present, implying additional material behind a gate, though no link is included in the dataset. Overall, the page presents LGB as the victim of a ransomware-related post, with no visible images or attachments and no direct data about the scope or nature of any exfiltration in the provided data.