Ransomware Group: MEDUSA

VICTIM NAME: PANSARD & ASSOCIES

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to a company identified as PANSARD & ASSOCIES, a consultancy firm based in Roubaix, France. The leak was discovered on August 6, 2025, and the breach was announced to have occurred approximately three hours earlier. The involved threat group is known as ‘medusa,’ which is associated with sophisticated cyberattack activities. The leaked data amounts to roughly 566.2 GB, indicating a significant breach of internal information. Although specific details about the data types leaked have not been disclosed, the size suggests that extensive sensitive documents and confidential files could be among the compromised materials. The threat actors have set a ransom demand of 100,000 units of the relevant cryptocurrency.

The leak page includes a screenshot that appears to show internal documents or data dashboards. The publication emphasizes the severity of the breach, incorporating details about the ransom amount and the specific group responsible. The company’s activities involve public accounting, auditing, and mergers and acquisitions, with experienced consultants holding memberships in significant industry organizations. The attack does not specify particular data included in the leak, but given the company’s operational scope, it potentially exposes strategic, financial, and client-related information. No direct links to download the data are provided on the leak page, but the presence of a claim URL suggests further details can be accessed through the provided dark web link.