Ransomware Group: MEDUSA

VICTIM NAME: Lake Shore Paving

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware attack targeted Lake Shore Paving, a construction company based in Jamestown, New York, United States. The incident was discovered on May 9, 2025, shortly after the attack occurred, which was dated May 6, 2025. The breach resulted in the leak of approximately 112.30 GB of sensitive data. The threat group responsible for this attack is identified as “Medusa,” and the ransom demand was set at 100,000 USD. The leaked data may include internal company information, potentially exposing proprietary project details and operational data, although specific contents were not disclosed publicly. The company is involved in excavation, utility work, asphalt paving, and concrete paving, emphasizing the impact on their construction activities. The leak has been publicly documented on dark web platforms, and a screenshot of the affected webpage is available, showing evidence of the breach. Additionally, the attackers have updated the company’s website post-attack, indicating ongoing malicious activity.

The data breach underscores the ongoing cyber threats facing construction firms and the importance of cybersecurity measures in protecting sensitive operational data. While specific files or data fragments have not been detailed, the leak of over 112GB of company information could have significant operational and competitive implications. The breach may also expose internal communications, project plans, and employee information, although no PII has been explicitly mentioned or confirmed in publicly available summaries. The ransomware group has publicly listed the ransom amount and provided access links on dark web sites, but detailed contents of the leaks remain undisclosed. The incident highlights the need for organizations to strengthen cyber defenses against increasingly sophisticated cybercriminal groups targeting industrial and construction sectors.