Medusa cybercrime gang takes credit for another attack on US municipality

The Medusa ransomware group says it is responsible for an attack on a government agency in Texas. 

The Tarrant County Appraisal District — which determines property values for tax purposes in the Fort Worth area — confirmed to Recorded Future News two weeks ago that it was a victim of a ransomware attack. 

On Monday, the Medusa cybercrime gang took credit for the incident, threatening to leak nearly 218 gigabytes of data in six days if a $100,000 ransom is not paid. 

County officials did not respond to requests for comment about whether the ransom would be paid, but they released a warning on April 3 that about 300 people had data accessed by the hackers. 

“On March 21, 2024, Tarrant County Appraisal District experienced a network disruption. In response to the discovery, we took steps to secure our network and are working with leading independent cybersecurity experts to assist with the investigation, response, and restoration process,” Jon Don Bobbitt, chief appraiser with the Tarrant Appraisal District, previously told Recorded Future News. 

“Our investigation has confirmed that the Tarrant County Appraisal District has been the victim of a criminal ransomware attack. We have reported this incident to the Federal Bureau of Investigation and the Texas Department of Information Resources and will cooperate with any resulting investigation.”

Bobbitt said officials were “working diligently” to restore operations. 

In addition to the Tarrant County incident, the Medusa gang recently attacked the government of an Illinois county on the border with Iowa. 

The group first emerged in 2023, and its victim list quickly grew to include an Italian company that provides drinking water to nearly half a million people; one of the largest school districts in Minnesota; the French town of Sartrouville; Tonga’s state-owned telecommunications company; and most recently the government organization that manages the universal healthcare system of the Philippines.

Medusa drew headlines in the fall for an attack on Toyota and a technology company created by two of Canada’s largest banks. In January, the hackers attempted to extort Water for People, a nonprofit that aims to improve access to clean water.