Medusa Ransomware Allegedly Claims Comwave Cyberattack

The pilfered data includes personal documents like IDs, passports, invoices, email screenshots, and an Excel database.

by Ashish Khaitan May 21, 2024

Share on LinkedInShare on Twitter

The Medusa ransomware group has allegedly claimed a cyberattack on Comwave, a Canadian communications giant.

The ransomware actors listed Comwave as its latest victim after a likely attack on May 18, which targeted critical information contained on the company’s customer database.

Comwave Networks Inc., claims to be the largest independent communications company in Canada and is renowned for providing internet, network security solutions, and customer support services. Based in the Toronto district of North York and run by president and CEO Yuval Barzakay, Comwave was established in 1999 and serves across Canada. The company also provides some wholesale services in the United States. In 2023, Comwave was acquired by Rogers Communications.

Medusa ransomware actors claimed infiltrating Comwave’s systems, and exfiltrating a nearly 274.8 gigabytes of sensitive data.

Comwave Cyberattack Allegedly Targets Sensitive Data

Source: Dark Web

Among the information exfiltrated are scanned copies of various personal documents – likely belonging to its customers – such as driving licenses, birth certificates, identity cards, passports, invoices, screenshots of email correspondence, and an internal Excel database.

The Medusa ransomware group has issued a deadline, giving Comwave  nine days to comply with their demands, failing which they threatened to publicly release the compromised data. The severity of the situation cannot be overstated, with implications reaching far beyond Comwave Networks Inc. itself.

As a leading player in Canada’s telecommunications, the cyberattack on Comwave potentially impacts hundreds of thousands of users in 1,100 Canadian and 1,600 U.S. cities that use their services.

The Cyber Express has tried reaching out to the organization to learn more about this Comwave Networks cyberattack. However, due to communication issues, contact was not possible, leaving the claims for the Comwave Networks cyberattack unverified. 

Who is the Medusa Ransomware Group?

The operational status of Comwave’s website appears unaffected, suggesting that the attack may have targeted backend systems rather than launching a frontal assault. This modus operandi aligns with Medusa’s established tactics, which often involve exploiting vulnerable Remote Desktop Protocols (RDP) and deploying deceptive phishing campaigns. 

By utilizing PowerShell for command execution and systematically erasing shadow copy backups, Medusa disrupts data restoration efforts, leaving victims in a precarious position.

The Medusa ransomware, which first emerged in June 2021, has grown increasingly audacious over time. Its latest iteration, marked by the creation of the “Medusa Blog,” serves as a repository for data leaked from non-compliant victims. Operating within the dark recesses of the internet, Medusa’s TOR website serves as a grim reminder of the far-reaching consequences of cybercrime.

As organizations grapple with the fallout from cyberattacks like the one targeting Comwave Networks Inc., it becomes imperative to remain vigilant and implement stringent security measures. Detecting and mitigating the threat posed by Medusa and similar ransomware strains requires a concerted effort, one that extends beyond individual companies to encompass collaborative industry-wide initiatives.


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button