Ransomware Group: MEDUSA

VICTIM NAME: MRC de Maskinongé – district

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to a government district in the Canadian province of Quebec, specifically the MRC de Maskinongé. The attack was discovered on April 20, 2025, with data likely compromised on April 19, 2025. The breach affected a local administrative district that manages 17 municipalities across a large area exceeding 2,600 square kilometers. The impacted entity has approximately 83 employees and manages sensitive data totaling around 713.20 GB. The group responsible for this attack is identified as “medusa,” and the ransom demand was set at 100,000 units of an undisclosed currency. The leak includes screenshots of internal documents and other data leaks without exposing any PII or sensitive information.

The leak indicates a significant data breach involving public sector information, potentially containing critical administrative records and internal communications. The compromised data could pose risks to local governance and public services, highlighting the severity of the attack. The publicly available claim URL points to a dark web site where additional details and data are accessible. The breach’s scope and the volume of leaked data emphasize the importance of cybersecurity measures for government entities, especially those managing extensive public services and citizen information. The images shared include screenshots of internal documents, and the leak’s overall impact suggests substantial disruption to the affected district’s operations.