ARDEX Australia

Summary

ARDEX Australia, a manufacturer of flooring, tiling, and waterproofing products, was listed on the Medusa ransomware group's dark web leak site on 27 January 2025. The attackers claimed to have stolen business documents containing confidential information, employment records, and financial data, demanding $300,000 to prevent publication of the stolen information.

What Happened

The Medusa ransomware group gained unauthorised access to ARDEX Australia's systems and exfiltrated business documents. On 27 January 2025, Medusa listed the company on their dark web leak site with samples of the stolen data, including spreadsheets, product lists, pricing information, employee remuneration documents, employment records, and confidential policy documents.

The ransomware group set a countdown timer giving ARDEX approximately 22 days to pay the $300,000 ransom demand before the stolen data would be publicly released or sold. This attack was part of a broader campaign by Medusa targeting Australian organisations during this period.

Impact on Individuals

The breach exposed employee information including:

• Employment records with personal details
• Remuneration documents containing salary information
• Other employment-related data

Affected employees face potential privacy violations and may need to monitor for identity theft attempts if their personal information was included in the stolen documents.

Organisational Response

ARDEX Australia, which specialises in engineering products and systems for flooring alignment, tile and natural stone systems, waterproofing membranes, and decorative surfaces, has not publicly commented on the incident. The company did not respond to media requests regarding the breach or whether they paid the ransom demand. +++