Ransomware Group: MEDUSA

VICTIM NAME: RE/MAX

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to RE/MAX, a prominent player in the consumer services sector, specifically in real estate. The attack was discovered on June 1, 2025, with the incident dating back to May 27, 2025. The data breach resulted in the exposure of approximately 151.80 GB of sensitive data, which highlights the significant scale of the leak. The group responsible for the attack is identified as “medusa,” and they have demanded a ransom of around 200,000 USD. The compromised data includes internal information such as employee details, company URLs, and possibly confidential client information, which could have serious implications for the organization. The publicly accessible screenshot shows internal documents, indicating a breach of internal data confidentiality.

The leak features extensive information related to various infostealers used during the attack, including the Azorult, Lumma, RedLine, and others, with multiple third-party domains involved in the malware activity. The breach has affected a large number of users and employees, with over 620 user accounts potentially compromised. The incident underscores the importance of robust cybersecurity measures in protecting sensitive corporate data. No personally identifiable information or specific client data is explicitly detailed in the leak summary, but the magnitude of the breach suggests a high risk of exposure of confidential information. The incident showcases the threat landscape faced by organizations in the real estate industry and the importance of proactive security strategies.