North Coast Petroleum

Summary

North Coast Petroleum, an Australian fuel retail and distribution company, fell victim to a Medusa ransomware attack on June 24, 2024. The attackers claimed to have stolen 71.5 gigabytes of data including invoices, identity documents, and customer bank account details.

Attack Vector

The Medusa ransomware group breached North Coast Petroleum's systems and exfiltrated 71.5GB of data. The group demanded US$150,000 ransom and set an eight-day countdown for public release of the stolen data, simultaneously offering the data for sale at the same price on criminal forums.

Consumer Impact

The stolen data includes highly sensitive information: driver's license scans, passport details, credit card details, and customer bank account information. Documents posted by Medusa revealed creditor payment records containing BSB and bank account details of several North Coast Petroleum customers, including major companies like Schweppes Australia, SodaStream, Repco, and Frucor Beverages. Employee information including names, addresses, and phone numbers was also exposed.

Response

As of the breach disclosure, the company's website appeared to be down, though it remains unclear if this is related to the attack. The breach was part of a broader Medusa ransomware campaign targeting Australian organizations in mid-2024.