Ransomware Group: MEDUSA

VICTIM NAME: Franklin Pierce Schools

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group named Medusa claimed responsibility for compromising Franklin Pierce Schools, an educational district based in Tacoma, Washington. The attack was publicly disclosed on August 2, 2025, with the threat actor demanding a ransom of approximately $400,000. The attackers leaked a substantial volume of data, totaling over 821 gigabytes, which likely includes sensitive internal information of the school district. The leak signifies a significant cybersecurity incident, affecting the operational integrity of the district’s 15 schools. The threat actor’s leak page features a screenshot, possibly depicting the compromised data or related internal documents. No specific personal or PII details are provided in the public summary, but the leak underscores the importance of robust cybersecurity measures for educational institutions.

Additional details reveal that the attack occurred several days before the leak was made public, with the breach discovered on August 2, 2025. The group’s claim highlights its involvement and the substantial ransom demand. The attack targets an organization with around 658 employees and significant data security concerns, as evidenced by the volume of leaked data. The leak page includes a link to the threat actor’s detailed claim and displays a screenshot, which may contain visual evidence or internal documentation. This incident emphasizes the ongoing threat landscape faced by educational and public sector organizations, necessitating heightened cybersecurity vigilance to mitigate such risks in the future.