Ransomware Group: MEDUSA

VICTIM NAME: Nottingham Construction

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Nottingham Construction, a company operating within the construction industry and based in the United Kingdom. The attack was discovered on May 14, 2025, and it involved a data breach exposing approximately 252.5 GB of sensitive information. The company, established in 1989 and incorporated in 1998, provides commercial carpentry services and functions as a general contractor mainly serving retail clients across the United States, with its headquarters located in Warminster, Pennsylvania. The financial demand from the attackers is approximately $200,000, reflecting the seriousness of the breach and the potential impact on the company’s operations. The leak includes internal data and possibly confidential files that could affect the company’s reputation and operational security.

The leak page features a screenshot illustrating some of the compromised data, providing visual evidence of the breach. The attackers, associated with the group known as Medusa, have publicly listed the extortion demand and shared a detailed claim URL hosted on a dark web .onion site. This indicates that the compromised information might include internal documents or project details. The data leak emphasizes the importance of cybersecurity measures, especially for firms involved in construction and large-scale projects, which often handle sensitive client and project data. No specific personal employee information is visible or disclosed in publicly available summaries, ensuring privacy is maintained in this report.