Royal Brighton Yacht Club
Summary
The Royal Brighton Yacht Club (RBYC) in Victoria was hit by a Medusa ransomware attack in mid-July 2024 through a compromised third-party point-of-sale remote support tool. The gang stole more than 94 gigabytes of data containing personal details of employees and members, and demanded a ransom of US$100,000 with an eight-day deadline.
What Happened
Attackers deployed Medusa ransomware through a compromised third-party point-of-sale (POS) system remote support tool, resulting in what the club described as a sophisticated supply chain cyber attack. The ransomware encrypted the club's systems and the attackers exfiltrated over 94GB of data. The Medusa gang posted details on their darknet leak site in mid-July, including sample documents showing personal details of both employees and members as proof of the breach.
Impact on Individuals
The breach exposed personal information of RBYC employees and members, including names, contact details, and potentially membership information. Affected individuals should:
- Monitor for phishing attempts targeting yacht club members
- Be alert for scam calls or emails referencing the club
- Watch for potential identity theft using stolen personal details
- Be cautious of social engineering attacks leveraging membership information
Because RBYC is a members-only club, the exposure of membership lists could enable targeted scams and social engineering attacks against members.
Organisational Response
The Royal Brighton Yacht Club detected the ransomware promptly and took immediate steps to contain the incident and isolate affected systems. The club engaged a cyber security partner to manage the response and remediation efforts. RBYC informed the Australian Cyber Security Centre (ACSC) and cooperated fully with its investigation. The attack vector through a compromised third-party remote support tool highlights the supply chain security challenges facing organisations that rely on external service providers.