Williams County Abstract Company over the weekend confirmed it notified 635 people about a March 2024 data breach that compromised names and Social Security numbers.
Ransomware group Medusa claimed responsibility for the attack, demanding $100,000 in exchange for not selling or publicly releasing 51 GB of stolen data.
The North Dakota title company has not verified Medusa’s claim. WCAC says it discovered the breach on March 21 and concluded its review of the incident on July 16, 2024. Medusa made its demand on March 29, 2024, and gave WCAC one week to pay the ransom.
“Following discovery, [WCAC] immediately took steps to secure the network and engaged a dedicated team of external cybersecurity experts to assist in responding to and investigating the incident,” the data breach notice reads. “As a result of the investigation, WCAC learned that an unauthorized actor acquired certain files and data stored within its systems.”
We do not yet know whether WCAC paid the ransom or how attackers breached the company’s network.
Comparitech recommends victims take advantage of the free credit monitoring and ID restoration services offered by WCAC via IDX.
Who is Medusa?
Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once for not selling or publishing stolen data.
Comparitech researchers tracked 79 confirmed attacks claimed by Medusa to date, affecting more than 237,000 records. 38 of those attacks took place in 2024. Medusa’s average ransom is $760,000.
We logged a further 95 unconfirmed attacks claimed by Medusa so far this year.
Ransomware attacks on US services
Ransomware attacks can disrupt daily operations and force businesses to resort to pen and paper. They can shut down billing, payroll, file storage, websites, and more until a ransom is paid or backups are restored, causing delays for clients and customers.
Comparitech has recorded 21 attacks on service-based US businesses like WCAC since 2018, affecting 215,151 records. Medusa claimed responsibility for four of those attacks on Anders Group, John R Wood Properties, and Urban Strategies.
About Williams County Abstract Company
Williams County Abstract Company is a North Dakota-based title company that helps customers buy or sell local residential and commercial property. Its services include abstracting, title searches, escrow, and title insurance.