UK council confirms cyber attack after $600K ransom demand from Medusa

Yesterday, ransomware gang Medusa added Gateshead Council to its data leak site. It demanded $600,000 for the data to be deleted or it will be released in nine days. Gateshead Council has since released a statement confirming a ‘cybersecurity incident.’

In its statement, it says:

The incident happened in the early hours of Wednesday 8 January, and officers have been working since then to investigate and understand the impact. These investigations have shown some personal data has been infringed. Those impacted are being contacted directly by council officers.

It also goes on to say that the incident has now been contained and business continues as usual. It also advises residents and customers to be on the look out for any potential phishing emails or unauthorized activity on accounts, to change passwords if they suspect their account has been compromised (using strong, unique passwords in the process), and to be cautious when asked to share information.

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once for not selling or publishing stolen data.

Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. 16 government entities are among those confirmed attacks but this is the first entity within the UK to have been confirmed.

In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year.

Ransomware attacks on government organizations

In 2024, we noted 182 attacks on government agencies across the globe. The average ransom across these attacks was $2.3 million.

England’s National Museum of the Royal Navy also confirmed it had been hit by a ransomware attack in December 2024 as did three US government entities (Wood County, RIBridges, and Pittsburgh Regional Transit), Japan’s Ako City Board of Education, Australia’s Muswellbrook Shire Council, and Turks & Caicos Islands Government.

Gateshead Council isn’t the only entity to have suffered an attack this year, either. The City of West Haven and Laramie County Library System in the US also suffered similar incidents as did Slovakia’s land registry. Additionally, the Department of Children and Family in Bayan-Olgii Province, Mongolia, suffered an attack via ransomware group Funksec which appears to have defaced its website with messages from the gang.

Last year we noted 103 unconfirmed attacks on this sector with nine noted so far this year.

About Gateshead Council

Located in the north of England in the county of Tyne and Wear, the Metropolitan Borough of Gateshead serves a population of 196,100. and employs over 4,190 people.