Chemring Group Medusa ransomware attack

This afternoon, ransomware group Medusa added UK-based technology company Chemring Group PLC to its data leak site. It alleges it has stolen 186.78 GB of data and is demanding a $3.5 million ransom for its deletion.

Comparitech contacted Chemring and received the following statement:

Chemring has been made aware of a post that has appeared on X (formerly Twitter) alleging that the Group has been subject to a ransomware attack.

 

An investigation has been launched, however there is currently nothing to indicate any compromise of the Group’s IT systems, nor have we received any communication from a threat actor suggesting that we have been breached. We confirm that all Chemring businesses are operating normally.

 

Our preliminary investigations lead us to believe that this attack was on a business previously owned by Chemring but where there is no ongoing relationship or connection into our IT systems.

 

As this is subject to an ongoing criminal investigation we cannot comment further at this stage.

Medusa only states that it is in possession of “confidential documents, databases, and solidworks design files.” It doesn’t confirm whether a ransom was demanded prior to the post on its leak site or whether it had encrypted systems.

The large ransom from Medusa could be due to the fact that it believes it has infiltrated the Chemring Group which operates within the aerospace, defense, and security markets.

While this attack remains unconfirmed at this time, we will update the post if there is any further information. This includes details on the company previously owned by Chemring that it believes could have been affected.

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once for not selling or publishing stolen data.

Medusa has been confirmed as the gang behind 17 attacks worldwide so far this year, as well as 64 unconfirmed attacks.

Medusa is responsible for 56 confirmed attacks since it began operating, according to our data. Its average ransom is $790,000, highlighting how high the one issued against Chemring Group is.

More about Chemring Group PLC

Located in Romsey, UK, Chemring Group offers technology products and services to the aerospace, defense, and security markets. Its customers include National Defense and Security agencies.