[MEDUSA] – Ransomware Victim: Simon Property Group
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
A ransomware entry published by the Medusa group targets Simon Property Group, a United States–based real estate investment trust that owns, develops, and manages premier shopping malls, outlets, and lifestyle centers. The post is dated 2025-10-28 20:05:00.000000, which the dataset treats as the post date since no separate compromise date is provided. The leak page text appears sparse and is protected by a human verification captcha, indicating anti-bot measures on the public page. The metadata notes the presence of a claim URL on the page, but there is no visible ransom amount or explicit encryption/data-leak detail shown in the provided excerpt. No images, downloads, or linked documents are evident on the leak page in the supplied data.
Background information included in the leak entry describes Simon Property Group as a leading real estate investment trust based in Indianapolis, Indiana, with operations spanning the United States and internationally. The text emphasizes SPG’s role in owning, developing, and managing high-profile retail properties and centers for millions of visitors each year, while noting that the company is headquartered in Indianapolis and employs about 3,000 people (the street address is redacted in this summary for privacy). Within this dataset, the Industry field lists Financial Services, though the narrative background portrays SPG as a retail real estate operator, which may reflect dataset labeling rather than the business domain described on the page. This contextual detail helps frame the victim’s scale and sector, even though no leaked files or internal artifacts are visible in the public excerpt.
From the available page data, there is no explicit disclosure of encryption status or the amount of data allegedly exfiltrated, and no ransom figure is provided. The page shows no screenshots or internal documents accessible in this extract, and no personal contact details are present beyond redacted corporate information. The existence of a claim URL suggests the actors intend to direct readers to a channel for claims or negotiations, but the exact link is not included in this summary. Taken together, the entry is consistent with a ransomware leak post that foregrounds a named victim and a post date, while offering minimal public artifacts and without visible demonstrate artifacts such as images or downloadables.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
