Ransomware Group: MEDUSA

VICTIM NAME: Aldagi

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 26, 2025, Aldagi, a Georgia-based insurer operating in the financial services sector, is named as a victim on a leak page attributed to the Medusa ransomware group. The post asserts that attackers exfiltrated approximately 300.8 GB of Aldagi’s data, indicating a data-leak incident rather than full encryption of systems. The post date is provided as 2025-08-26 18:46:28, and no separate compromise date is listed in the excerpt, so this date is treated as the post date for timeline purposes. The leak entry centers on Aldagi as the victim and frames the incident as a data-leak event within the Georgian market.

Media on the leak page appears minimal: there are no images or screenshots listed, and access to the content is gated by a human verification captcha. A claim URL is indicated on the page, suggesting a link to additional information or content behind the leak entry, though the actual URL is not shown in this summary. The available excerpt does not disclose a ransom amount or a specific demand.

In the accompanying description, Aldagi is presented as a longstanding Georgian insurer with a broad product range, though the summary here retains only the victim’s name. The data-leak figure of 300.8 GB signals substantial exfiltration and aligns with standard ransomware leak patterns. The street address shown in the description is redacted to protect privacy. The post date remains the 2025-08-26 timestamp, which serves as the primary temporal reference in the absence of a separately stated compromise date. Observers monitoring this incident should watch for follow-up disclosures linked via the claimed URL or related leak postings.