Medusa claims attack on Albany College of Pharmacy and Health Sciences

Ransomware gang Medusa has, this afternoon, added Albany College of Pharmacy and Health Sciences to its data leak site. It has issued the college a $150,000 ransom demand, giving it just under four days to pay before the data is released.

This follows confirmation of a ‘network security incident’ at the college on September 17. Classes and labs were set to resume the following day.

Albany College of Pharmacy and Health Sciences has provided no further updates, so we do not know whether a ransom was demanded, how Medusa potentially infiltrated the college’s systems, or how many people could have been affected by this incident. Comparitech has contacted the college for more information and will update this article if it responds.

In the meantime, as a precaution, we highly recommend that students and employees of the college be on high alert for any potential phishing messages and/or unusual account activity.

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once to keep their stolen data from being sold or published.

According to our data, Medusa is responsible for 91 confirmed attacks worldwide since it began operating. Its average ransom is $732,000, which makes this demand against Albany College of Pharmacy and Health Sciences well below average.

Medusa was also recently confirmed to be behind an attack on Providence Public Schools (Rhode Island). A $1 million ransom was demanded from the school district, which it refused to pay.

We have also tracked 118 unconfirmed attacks by this group so far this year.

Ransomware attacks on US schools & colleges

So far this year, we’ve logged 42 confirmed attacks on US schools and colleges. Even with several months to go, this is significantly lower than the 122 noted in 2023.

As well as Providence Public Schools, other recently confirmed attacks include: Gadsden Independent School District, Richmond Community Schools, Cincinnati Public Schools, and Highline Public Schools.

The average ransom across these attacks this year is $562,500. But, as our recent study found, ransom demands aren’t the only cost schools face when hit with such attacks. On average, US schools face costs of $500K per day of downtime caused by a ransomware attack.

We have also noted 51 unconfirmed attacks on US schools and colleges this year so far.

About Albany College of Pharmacy and Health Sciences

Albany College of Pharmacy and Health Sciences is a private, independent college that’s home to over 800 students. It was first established in 1881 as Albany College of Pharmacy before becoming Albany College of Pharmacy and Health Sciences in the 2000s.