American Golf Corporation, an experienced and innovative operator in the golf industry in the United States, has allegedly fallen victim to a cyberattack from the notorious MEDUSA ransomware group. The hackers allegedly exfiltrated 154.9 GB of data, including email correspondence, members’ data, orders, full access account credentials (User ID, Passwords, Secret Keys), reports, licenses, passports, and financial data.
Details of the American Golf Corporation Ransomware Attack
According to its Linkedin profile, American Golf, over its 50-year history, “has been involved with more than 325 golf courses for various private entities or public agencies.” Currently, American Golf manages over 70 facilities across the United States.
The MEDUSA group has shared details of the data breach on its dark web channel, “MEDUSA BLOG”, including a countdown timer adding pressure to the situation.
The bad actor has set an ominous deadline of 8 days for the corporation to meet its demands. MEDUSA has demanded a ransom of $2,000,000. Additionally, for every day that passes without payment, the ransom amount increases by USD $100,000. MEDUSA is also willing to delete all the data for a ransom of $2,000,000.
As of now, the American Golf Corporation has not issued an official response or statement regarding the data breach. The Cyber Express has reached out to the organization to gather insights into the incident, but no information has been provided at the time of writing.
Previous Cyberattacks on Golfing Industry
The golfing industry saw a high-profile cyberattack in 2018 when the Professional Golfer’s Association (PGA) of America was hit by a ransomware attack. According to this article by NBC news, files associated with the PGA Championship and the Ryder Cup in France were locked in the attack. The hackers were able to encrypt some of the PGA’s files and had then directed the association to an email address and Bitcoin wallet.
Last year, Golf club maker Callaway reported a data breach of its website which affected more than one million people. The compromised information included account passwords and answers to security questions, as well as names, mailing addresses, email addresses, phone numbers and order histories.
MEDUSA Ransomware: Rising Number of Attacks
This cyberattack on the American Golf Corporation is not an isolated incident. In the last month, MEDUSA ransomware intensified their attacks. They targeted the Harry Perkins Institute in Australia and allegedly exfiltrated 4.6 TB of internal building camera recordings of the institute and demanded a ransom of $500,000.
AJE Group, a prominent company in the manufacture, distribution, and sale of alcoholic and nonalcoholic beverages in Peru, also became a victim of MEDUSA where the group exfiltrated 646.4 GB of the company’s data.
MEDUSA first emerged in June 2021 and has since launched attacks on organizations across various countries and industries, including healthcare, education, manufacturing, and retail. Despite its global reach, most victims have been based in the United States.
MEDUSA operates as a Ransomware-as-a-Service (RaaS) platform, offering malicious software and infrastructure to would-be attackers. This model enables less technically skilled criminals to launch sophisticated ransomware attacks. MEDUSA’s threat actors often utilize a public Telegram channel to post stolen data, leveraging public exposure as an extortion tactic to pressure organizations into paying the ransom.
While the authenticity of the ransomware attack on the American American Golf Corporation remains unconfirmed, the potential consequences are significant. The Cyber Express will continue to monitor this ongoing situation and provide updates as more information becomes available.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
