Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Hackers are looking to make a US$100k payday from one of Australia’s largest hospitality groups.
The Medusa ransomware operation is claiming to have successfully hacked the Australian hospitality company, the Oscars Group.
Oscars was listed as a victim by the hackers on November 5, and they are threatening to publish the data it exfiltrated within 20 days as of the time of publishing.
Medusa has not disclosed the volume of the data it has in its possession, but has listed several files by way of evidence of the hack. These include invoice listings, details of employee work hours, details of events and event contacts, and details of daily takings from various venues. While some documents are several years old, others are dated as recently as November 2025. Also included are several scans of driver’s licences alongside listings of employees’ personal addresses and Tax File Numbers.
According to a file tree published by Medusa, the stolen data includes more than 130,000 documents and scans of several dozen passports.
Much of the data appears to be linked to the Lakes Resort Hotel in South Australia, which Oscars acquired this year from South Australia-based hotel group Fahey Hotels.
Medusa is currently demanding US$100,000 to simply delete the data, or – for the same amount – the data can be purchased. Additionally, the date of publication can be delayed by US$10,000 a day.
The Oscars Group has not responded to Cyber Daily’s request for comment.
Shannon Sedgwick, partner, national cyber security practice, at MinterEllison Consulting, shared some threat intelligence regarding Medusa following a cyber attack targeting another Australian business, the North Sydney-based Compass Group, in late 2024.
“Medusa is a ransomware-as-a-service (RaaS) group that employs living-off-the-land techniques by using legitimate software tools for malicious purposes, which are difficult to detect when viewed alongside regular network traffic because it mimics normal behaviour,” Sedgwick told Cyber Daily.
“Medusa are adept at evading detection by security teams and maintaining persistence in victim networks post-discovery by using remote management and monitoring tools to remotely execute a payload and install vulnerable drivers to impair defences by shutting down the likes of Microsoft Defender. They also move laterally across networks by modifying registry keys and creating scheduled tasks.”
The Oscars Group owns several popular pubs in Sydney’s Inner West, as well as hotels and other venues around the country.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
