Ransomware Group: MEDUSA

VICTIM NAME: Pawnee Heights Unified School District

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak file pertains to Pawnee Heights Unified School District, an educational institution established in 1949 and located in Rozel, Kansas, United States. The incident was discovered on April 16, 2025, with the attack date being April 14, 2025. The breach involved the exposure of approximately 498.10 GB of data, which is substantial for an organization of this type. The group responsible for the attack is identified as “medusa,” and the demanded ransom was set at 160,000 USD. The leak includes relevant images and a link to a detailed report hosted on the dark web platform. No specific sensitive personal or staff data is publicly disclosed in the summary. The incident highlights the cybersecurity risks facing educational institutions, emphasizing the need for robust security measures.

The leaked data appears to include organizational information, potentially internal documents, and possibly personal data associated with students or staff, though specific details are not enumerated. The leak was identified through a publicly accessible dark web portal, which also provides a screenshot preview of the compromised data. The victim’s domain, phtigers.net, is associated with the school district, and the event is part of a broader ransomware campaign targeting similar institutions. The leak may also contain screenshots of internal documents, emphasizing the sensitive nature of the compromised information. While exact contents are not fully detailed, the leak signifies a significant cybersecurity incident for the school district, underscoring the importance of data protection in the education sector.