
Ransomware group Medusa over the weekend claimed responsibility for a May 2024 cyber attack against the city of St. Helena, California. Medusa demanded the city pay $200,000 in ransom by the end of this week.

A cyber attack on May 13 forced St. Helena officials to shut down their computer systems and the city library. The city hired a private computer forensic company to investigate the attack.

City officials have not confirmed Medusa’s claim, nor what data or how many records were impacted. We do not yet know how attackers breached city systems, what specific systems are or were affected, or whether officials intend to pay the ransom. Comparitech contacted St. Helena officials for comment and will update this article if they respond.

June 6, 2024 UPDATE: Anil Comelo, City Manager for the City of St. Helena, responded to Comparitech’s questions with the following statement:

On Monday, May 13 the City of St. Helena experienced a ransomware event. Staff has since worked with its IT contractor and law enforcement agencies, other public agencies, and multiple third-party experts to investigate the scope of the incident and further bolster our network security infrastructure.

“I have been very impressed by the work City staff continues to do while our main servers and network have been inaccessible for security reasons,” said Anil Comelo, City Manager for the City of St. Helena. “City staff has had to rebuild files that were saved on our servers while continuing to serve the City’s residents and businesses and working to minimize impacts on our customers. This incident has caused more work for our employees. But all our employees have banded together to address this incident and find creative solutions to continue serving the community. Our Administrative Services Director, IT team, and others have spent countless hours working specifically on this incident, while continuing to do everything else they are responsible for.”

The City is working with third-party experts to identify individuals whose data may have been impacted by this incident. As part of the ongoing investigation, the City will continue to work with partners to analyze the affected files. Once that review is complete, affected individuals will be informed, as required by law, if it is determined that their personal information was involved in this incident.

“City staff has been resilient, stepping up to face challenges, and has come together to complete projects, move important tasks forward, and ensure that our community continues to get the services and information they need on a daily basis,” continued Comelo. “Our staff has exemplified our core values of being responsive, collaborative, and innovative over the last few weeks. Our team continues to focus on serving our community and further bolstering our security.”

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once to keep their stolen data from being sold or published.

Medusa has been confirmed as the gang behind 21 attacks worldwide so far this year, and 61 confirmed attacks since it began operating, according to our data. Its average ransom is $790,000.

Medusa has claimed several attacks on government targets, including the Solano County, CA Library; Henry County, IL; the East Baton Rouge Sheriff’s office; Traverse City Area Public Schools; and the Kansas City Area Transportation Authority.

Ransomware attacks on US government organizations

So far this year, we’ve tracked 53 confirmed attacks on government organizations around the world. This follows a record-breaking 206 attacks in 2023.

Ransomware attacks can knock out key government systems and cause widespread disruption. Ransomware attacks are often combined with data theft, in which attackers exfiltrate private and confidential data.

In 2023, we found that US government organizations lost an average of 16.5 days to downtime from ransomware attacks.

About St. Helena

Located in Napa County, California, St. Helena is an affluent town with a population of 5,438 as of the 2020 census. It’s a popular tourist destination for its local vineyards and restaurants.