cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Kadac Australia hit by Medusa ransomware attack, threat group demands $100k

A cyber attack on an Australian organic and health product supplier has resulted in business and personal data being leaked.

user icon Daniel Croft
Thu, 15 Feb 2024
Kadac Australia hit by Medusa ransomware attack, threat group demands $100k
expand image

Kadac Australia, a Victoria-based company, discovered it had been the victim of a ransomware attack on 12 February 2024.

On the same day, the Medusa ransomware gang listed Kadac on its leak site, setting a 10-day deadline for the company to fork out $100,000 in ransom to prevent its data from being leaked, a small number compared to previous Medusa ransom values, which have exceeded over US$1 million in the past.

Exfiltrated data includes customer details such as first names, last names and email addresses, email correspondence with brands and suppliers, financial data, marketing data, certificates and other confidential business data.


Cyber Daily reached out to Kadac Australia for comment on the issue but has yet to receive word from the company.

The Medusa ransomware gang first appeared in June 2021, with some reports saying it was observed in 2019. The threat actor operates a ransomware-as-a-service (RaaS) called MedusaLocker.

The group’s attack strategy involves using phishing campaigns and exploiting vulnerable Remote Desktop Protocols (RDP) to gain system access before employing PowerShell for command execution.

It then deletes shadow copy backups to prevent the victim from restoring data.

Medusa has a history of attacking Australian organisations, only last year claiming an attack on an NSW cancer treatment centre.

The Crown Princess Mary Cancer Centre, which is part of Westmead Hospital, was targeted midway through last year, with the alleged ransomware attack being discovered on 4 May 2023.

Despite Medusa threatening to release stolen data, NSW Health investigations indicated that databases were not accessed.

“NSW Health continues to investigate this issue, which does not appear to have impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases,” said an NSW Health spokesperson.

“The safety and security of all NSW Health systems remains of highest importance and is continually monitored and safeguarded.”

The Kadac Australia incident is a developing story. Cyber Daily will provide updates as new information becomes known.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.