The Medusa ransomware group has updated its dark web leak site with a new list of alleged victims, targeting organizations in the education and service sectors in Brazil. The group, known for its double-extortion tactics, claims to have successfully breached the networks of the following entities:
-
WR Comercial (🇧🇷): Based in São Paulo, this company specializes in outsourcing skilled staff for essential services such as security, cleaning, and administrative support. They connect businesses with workers for facility management and operational roles.
-
Universidade Municipal de São Caetano – USCS (🇧🇷): A prominent municipal university headquartered in São Caetano do Sul. USCS offers a wide range of undergraduate and postgraduate programs (including MBAs and doctorates) and provides community services such as free legal assistance and health care.
According to the actor, sensitive internal documents have been exfiltrated from both organizations. The group has set ransom demands of $100,000 for WR Comercial and $250,000 for USCS. Based on the file trees and samples provided by the threat actor, the allegedly compromised data includes:
-
Service contracts and agreements
-
Financial records and folders
-
Personnel management files (“Gestão de Pessoas”)
-
Internal administrative file structures
-
Student or employee records












