Ransomware Group: MEDUSA

VICTIM NAME: Weil Construction, Inc

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Weil Construction, Inc., a construction company headquartered in Albuquerque, New Mexico, USA. The company provides construction services for government agencies, educational institutions, and private sector clients. The leak indicates a significant data breach, with approximately 118.6 GB of data compromised. The attack was discovered on May 1, 2025, and the compromise is attributed to the “Medusa” ransomware group. The perpetrators demand a ransom of around 100,000 USD to prevent the release of sensitive information. The page includes a screenshot suggesting the publication of some internal documentation, although specific data details are not shown here. Publicly available, though the mention of leaked data and demands highlights potential operational and confidentiality impacts for the affected organization.

The leak site communicates a clear warning about data exposure involving the company’s internal materials. No personally identifiable information or employee details are available from the leak summary, and the information appears to focus on corporate data. The attack’s discovery and ongoing updates are documented with timestamps, indicating active monitoring by the threat actors. Additional details suggest that the group behind this attack operates under the “Medusa” ransomware banner, which is known for targeting organizations across multiple sectors. The incident underscores the importance of cybersecurity vigilance within the construction industry, especially for firms handling sensitive and federally contracted projects. The leak emphasizes potential risks to the company’s reputation, client trust, and operational security.