The Medusa ransomware group has listed Canada’s Moneris Solutions Corp., a partnership of two of the country’s biggest banks which provides the point of sales IT network and terminals used by retailers across the country.
This morning Brett Callow, a Canadian-based threat researcher for Emsisoft, tweeted the news on the X platform. A screen shot of the gangs’ blog says it is demanding $6 million for the deletion of stolen data, or the information will be publicly released in eight days.
In a statement responding to a query from IT World Canada, Darren Leroux, Moneris’ director of communications, said that “we can confirm that an attempt was made by an external party and our cybersecurity team prevented access to any critical data. Following the attempt, our team did a full audit and analysis of the incident, reviewed all information, and concluded none of our digital loss prevention policies were triggered.
“Cybersecurity is a top Moneris priority, and we take the protection of our customers and their data seriously. We employ a dedicated team to manage and respond to cyber risks and their swift actions ensured Moneris and its customers were not impacted.”
Moneris was asked to clarify its statement that no “critical” data was accessed by the attacker. The gang has posted what it says are screenshots of stolen Moneris data.
Asked about the Moneris statement, Callow said it’s possible Medusa got nothing, so listing Moneris is an attempt to “shake down” the company. “This wouldn’t be the first time Medusa has listed a victim and never produced proof of the attack. That has happened before. They may simply hope that by listing an organization they may pay up, because it’s not always easy to conclusively rule out the possibility that data was taken. Sometimes [threat] groups will try to leverage that to their advantage by claiming to have data they do not [have].”
Moneris is a joint venture between the Royal Bank and the Bank of Montreal. It says more than 325,000 retailers, tradespeople, and businesses are connected to the Moneris network for wired or wireless processing of credit and debit card or business-to-business transactions.
The company also offers a full e-commerce solution for retailers based on the Wix platform. That allows retailers to offer customers the ability to pay using a digital wallet or eGift cards.
Among the Medusa gang’s latest victims are the Philippine Health Insurance Corporation, which in September was asked to pay US$300,000 for decryption keys to unscramble compromised data and the deletion of stolen data; the Minneapolis Public School System, which in February was asked to pay US$1,000,000 to delete data the gang stole. In May that data — including students’ psychological reports — was published.
Earlier this month, Medusa also claimed to have attacked the Canadian Psychological Association and is demanding $200,000 for the deletion of stolen data. IT World Canada asked the CPA for comment on Nov. 5, but received no response.
The Medusa gang is a separate group from those running the MedusaLocker ransomware operation.