Ransomware Group: MEDUSA

VICTIM NAME: Prosecuting Attorneys’ Council of Georgia

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group Medusa claimed responsibility for attacking the Prosecuting Attorneys’ Council of Georgia, a governmental agency supporting prosecutors within the state’s judicial system. The attack was publicly disclosed on July 6, 2025, with an attack date recorded as July 3, 2025. The group demanded a ransom of 500,000 units of cryptocurrency in exchange for data decryption and to prevent further data leaks. The leak appears to include sensitive information and system details related to the victim organization. The threat group provided a link to a dedicated leak page, which is accessible via a dark web address, and shared a screenshot indicating possible internal document exposure.

The attack has revealed limited internal details, but the leak suggests potential exposure of confidential information related to the judicial support agency. The group responsible, Medusa, reportedly engaged in infostealing activities, including the collection of certain internal data, possibly targeting employees and third-party associations. The publicly shared screenshot indicates the leak may contain internal documentation or sensitive operational data. The victim operates in the public sector within the United States and maintains an active online presence through its website. The incident underscores the ongoing cybersecurity challenges faced by government organizations, especially those handling legal and judicial processes.