The Compass Group, based in North Sydney, Australia, has confirmed a second cyberattack this month by an affiliate of the Medusa ransomware gang. This latest breach follows an earlier attack that reportedly resulted in the exfiltration of 785.5 gigabytes of sensitive data. On September 18, the gang listed the company again on its dark web leak site, indicating that over one terabyte of data may be compromised this time, including sensitive employee information such as passports, medical certificates, and salary details.
The ransom demand for the initial breach was set at $2 million; however, for this second incident, the attackers are demanding $100,000. This decrease in ransom may suggest that the data is perceived as less valuable since it has already been compromised. Compass Group’s spokesperson confirmed that they are aware of the ongoing investigation and are collaborating closely with cybersecurity experts, legal counsel, and regulatory authorities to address the situation.
In response to the unauthorized activity detected on a recently reactivated server, the company has implemented immediate security measures to contain the threat. They are also progressing in the analysis of the stolen data and have started notifying individuals whose high-risk information was exposed. The spokesperson emphasized their commitment to ensuring the ongoing security and stability of their systems while providing support to those affected by the data breaches.
Cybersecurity expert Shannon Sedgwick highlighted that experiencing multiple attacks from ransomware groups like Medusa is not uncommon. These groups employ sophisticated techniques that can evade detection, making it crucial for organizations to ensure thorough malware removal and to restore from verified clean backups. Compass Group, a subsidiary of the UK-based firm of the same name, is Australia’s largest food and support services company, employing around 13,000 people and providing essential services across various sectors, including education, mining, and healthcare.
