Deadline Approaching for Rent 2 Own: Medusa Ransomware Threatens Data Release

Deadline Approaching for Rent 2 Own: Medusa Ransomware Threatens Data Release 1

In recent days, the Medusa ransomware group has published the name of a new victim, Rent 2 Own, on its .onion blog.

Rent 2 Own is a U.S.-based company offering a rent-to-own service for products such as furniture, electronics, appliances, and more, with over 40 retail locations.

As evidence, Medusa released a series of 31 documents containing sensitive customer data from individuals who made purchases over the years through distribution networks in the states of Ohio and Kentucky. The data reviewed by SuspectFile.com includes:

Renters’ details:

  • First name and last name
  • Date of birth
  • Gender
  • Full address
  • Home phone number
  • Mobile number
  • Driver’s license number
  • Social Security number

Co-Renters’ details:

  • Co-Renter’s name
  • Date of birth
  • Gender
  • Driver’s license number (in some cases)
  • Social Security number (in some cases)

Renters’ Employer details:

  • Company name
  • Job title
  • Full address
  • Phone number

Note: full names and phone numbers of three personal references are present in all customer records. Additionally, payment frequency, payment amounts, and due dates are listed.

Here are two examples of the forms that Rent 2 Own uses to store, without any protection, the sensitive data of its customers, which we know to be nearly 50,000.

Deadline Approaching for Rent 2 Own: Medusa Ransomware Threatens Data Release 2

Screenshot and redaction by SuspectFile.com

Deadline Approaching for Rent 2 Own: Medusa Ransomware Threatens Data Release 3

Screenshot and redaction by SuspectFile.com

The deadline set by the group is January 18. If Rent 2 Own does not pay a ransom of $200,000 by that date, the data will be made public on the Medusa Telegram channel.