Australian hospitality company Oscars Group has been named as the latest target of the Medusa ransomware group, which claims to have accessed and exfiltrated sensitive company data. On Nov. 5, Medusa publicly listed Oscars Group as a victim and issued an ultimatum: pay a ransom within 20 days or risk having the stolen information published online.
According to cyberdaily.au, the hackers have not specified the total size of the data set but have posted samples as proof of access. These samples reportedly include invoices, employee rosters, event schedules, daily financial records, and identification documents such as driver’s licences and passports. Some of the data is recent, dated November 2025, while other files go back several years. The breach also includes personal details such as employee addresses and tax file numbers.
A directory structure released by Medusa suggests that more than 130,000 files were compromised, including scans of passports. A significant portion of the data appears to be associated with the Lakes Resort Hotel in South Australia, which Oscars Group acquired earlier this year. Medusa is demanding US$100,000 for the deletion of the data or for its purchase. The group is also offering to delay the public release for a daily fee of US$10,000. As of publication, Oscars Group has not issued a public statement regarding the incident.
This event highlights the ongoing cyber risks facing Australian businesses, particularly those handling large volumes of personal and financial information. Data from WatchGuard Technologies shows that Australian companies experienced a significant number of cyber threats in August 2025. The firm recorded 5,383 malware incidents nationwide, averaging 179 per day, and blocked 65,074 network-based attacks, or about 2,169 daily.
Australia accounted for just over 1% of the Asia-Pacific total of malware detections, but the country represented 57% of the region’s blocked network attacks. Malware incidents rose by nearly half from June to July before dropping by more than two-thirds in August. Network attacks declined by over 40% from June to July and fell another 47% in August.
A recent survey commissioned by Arctic Wolf indicates that 45% of IT and cybersecurity leaders in Australia and New Zealand now prioritise intellectual property protection, data privacy, and regulatory compliance over other security concerns. This contrasts with global trends, where the adoption of artificial intelligence is a primary focus.
The survey also found that 85% of organisations in the region experienced at least one cyber incident in the past year, compared to a global average of 76%. Nearly three-quarters of respondents in Australia and New Zealand reported paying ransomware demands, with 91% engaging external negotiators, although fewer than half succeeded in reducing the ransom amount.
A cybersecurity expert notes that Medusa employs sophisticated tactics to evade detection and maintain access to compromised systems. Shannon Sedgwick, partner for national cyber security practice at MinterEllison Consulting, said Medusa operates as a ransomware-as-a-service (RaaS) provider, leveraging legitimate software for malicious activities that blend in with ordinary network operations, making detection challenging.
“Medusa are adept at evading detection by security teams and maintaining persistence in victim networks post-discovery by using remote management and monitoring tools to remotely execute a payload and install vulnerable drivers to impair defences by shutting down the likes of Microsoft Defender. They also move laterally across networks by modifying registry keys and creating scheduled tasks,” Sedgwick said, as reported by cyberdaily.au.
The incident and the broader increase in cyberattacks underscore the need for robust cyber risk management strategies within the insurance sector. As ransomware incidents and data breaches become more frequent, insurance professionals are tasked with evaluating evolving risks, regulatory obligations, and the adequacy of policy coverage for clients. The prevalence of ransom payments and the involvement of external negotiators also raise questions about best practices and the effectiveness of current response protocols.