Ransomware Group: MEDUSA

VICTIM NAME: Organon

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Organon, a U.S.-based healthcare company with roughly 10,000 employees, is identified as the victim on the ransomware leak page. The page, attributed to the Medusa threat group, asserts that 478.2 GB of Organon data has been leaked as part of a data-leak incident rather than a straightforward encryption event. The leak page’s post date is September 26, 2025 at 15:59:49, and this timestamp is presented as the page’s release date since no separate compromise date is provided.

The leak page indicates a CAPTCHA gate that requires human verification to access content, a common measure to deter automated access. A defanged claim URL is listed on the page. There are no visible downloads or images—no screenshots or attachments are shown in the provided data. The description offers Organon’s corporate profile but the street address is redacted to protect privacy; the organization is described as headquartered in New Jersey, USA.

Overall, the page presents Organon as a large healthcare company and claims a data leakage of 478.2 GB, but it does not disclose the data categories involved, an encryption status, or any ransom amount. The post date is used as the public release date, and there is no explicit compromise date listed beyond that. The lack of attached files or images, combined with the CAPTCHA barrier and a defanged claim URL, is consistent with leakage-focused posts that emphasize data exposure rather than visible files.