Ransomware Group: MEDUSA

VICTIM NAME: Lithium Americas Nevada

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a cybersecurity incident involving Lithium Americas Nevada, a company operating within the energy sector, specifically focusing on lithium mining and exploration. The attack was publicly disclosed on April 20, 2025, with the attack itself reportedly occurring on April 16, 2025. The group responsible for the attack is identified as “medusa,” and the hackers have claimed a ransom demand of 200,000 units of an unspecified currency. The leak indicates that sensitive data has been compromised, with the page including a screenshot of internal documents to illustrate the breach. While no specific data files are detailed in the provided information, the presence of a download link or leak confirms a data breach of potential significance for the victim.

The victim is based in the United States and is engaged in lithium exploration activities, with operations in Canada as well. The company has approximately 500 employees and is situated in Vancouver, British Columbia. The leak page features a visual screenshot that provides insight into the extent of the breach, exemplified by images of internal documentation. The attack date is clearly listed, and the group behind the incident appears motivated by financial gain, as evidenced by the ransom demand. No personally identifiable information or sensitive operational details are explicitly revealed, but the leak signifies a serious cybersecurity incident that could impact the company’s operations and reputation. Additional information and potential data leaks are accessible via the provided dark web claim URL.