Ransomware Group: MEDUSA

VICTIM NAME: San Jose Country Club

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns San Jose Country Club, a well-established private golf club located in Northern California, USA. The club, founded in 1899, caters to families and golf enthusiasts, offering amenities such as year-round golf, dining, social activities, and event facilities for weddings and special gatherings. The leak indicates a significant data breach involving approximately 117.5 GB of data, which was discovered on June 9, 2025. The attack was perpetrated by the threat group known as “medusa,” and the ransom demanded amounts to $150,000. The page includes a screenshot depicting internal documents or sensitive information related to the club but does not specify exact compromised data.

The leak reveals extensive information about the club’s operations, facilities, and services, which could potentially be exploited for malicious purposes. The compromised data may include member details, operational plans, or internal communications, but no PII or specific sensitive details are directly disclosed in the summary. The threat actors have published a claim URL and are likely to release additional information or data unless the ransom is paid. The breach was identified and disclosed shortly after the attack, with visual evidence provided through the included screenshot. Overall, the incident underscores the importance of cybersecurity measures for organizations handling valuable personal and operational data.