Medusa ransomware has claimed responsibility for a cyberattack on RE/MAX, an international real estate company with more than 9,000 offices globally. The group is demanding $200,000 to prevent the public release of 150GB of allegedly stolen data.
Ransomware Gang Posts RE/MAX on Leak Site, Demands Payment Within 18 Days
On Tuesday, the Medusa ransomware group listed RE/MAX on its dark web leak site. The group claims to have exfiltrated 150GB of internal company data and has attached sample files as proof. A countdown timer shows less than 18 days remaining for RE/MAX to meet the $200,000 demand before the data is released publicly.
While the breach has not been officially confirmed by RE/MAX, the samples include:
- Full names and photographs of real estate agents
- Anniversary dates and commission summaries
- Monthly billing and fee structures
- Business phone numbers and email addresses
- Internal payout documents from 2021 to 2023
Some files also reveal layout photos and schematics of listed properties and a letter indicating the termination of a franchise relationship.
Potential Impacts and Data Sensitivity Concerns
Although many of the exposed data points are publicly available business details, researchers warn that the remaining files in the 150GB cache could hold more sensitive information.
“The available data doesn’t appear to be super sensitive or valuable. However, the data sample is small, and the rest of the 150GB leak might contain more sensitive data. A big leak from a major real estate company shows serious failure in data governance,”
said Nojus Girdenis, a security researcher at Cybernews.
Cybernews analysts also caution that the stolen data could be used for identity theft, financial fraud, and targeted phishing attacks. The exposure of agent compensation data and client interactions could further increase the risk of social engineering or property-related scams.
“RE/MAX’s customers could even suffer from property scams. In this case, the company could face financial damage (ransom payments, possible fines, legal fees, etc), operational disruption, and reputational damage,”
Girdenis added.
Extortion Model Includes Deadline Extensions
Medusa has set a fixed ransom price of $200,000 but offers an unusual add-on: the ability to extend the deadline by one day for $10,000.
RE/MAX has not issued a public response as of this writing, and it remains unclear whether negotiations or remediation efforts are underway.
