UPDATE 2: 8/14/2023 at 11:30 AM
The Medusa Group contacted us to inform us that they have just stopped the DDoS attacks on the IT infrastructure of Borets International Ltd. (Levare). On Levare's website we did not find any reference to the loss of data following the cyber attack of July 25th.
We want to remind you that for some days we have been in possession of a video prepared by Medusa in which the ransomware group shows a significant part of the exfiltrated documents. We have chosen not to share it, as much of the data seen in the video could harm both the privacy of employees and trade secrets.
We can also state that there was a negotiation between Medusa and Borets International Ltd. of Houston, most likely with an employee of the American company's IT department. The ransomware group informs us that Borets then suddenly decided to break off the negotiations.
We will send an e-mail to the administrative offices of the multinational asking for a statement on the matter.
As always, SuspectFile.com will update the article if there are new developments.
Ransomware group Medusa has published the news about the attack on the IT systems of Borets International Ltd. (Levare).
Contrary to the information we had gathered in recent days, it was not the American office in Midland, TX that was affected, but the one in Houston, TX.
The ransom amount is also much lower than we had assumed: Medusa has set a maximum price of 500,000 dollars for the deletion of all files exfiltrated from the multinational.
At this moment, as had already happened in recent days and as Medusa confirmed to us, the website https://levare.com is offline due to targeted DDoS attacks.
For several days the website of Levare International Ltd. (Levare) has been offline due to DDoS attacks on its IT infrastructure. The Medusa ransomware group is thus trying to put pressure on the multinational, which is based in Dubai in the United Arab Emirates.
Levare, formerly Borets International Ltd., is one of the world’s leading companies in the design, construction and sale of electric submersible pumps (ESP), horizontal pumping systems (HPS) and permanent magnet motors (PMM), mainly for the oil sector. It has several operating offices around the world: U.S., Canada, Colombia and Egypt. According to the new CEO and president, Merrill A. Miller Jr. (Pete Miller), Levare's near-term plans include opening a new production center in Monterrey, Mexico.
Miller has a degree in applied sciences and engineering from the West Point Military Academy in the U.S. and can boast more than forty years of experience in the oil services sector.
Recently, we learned that the ransomware group was already inside Levare's IT systems on July 25th and that the American headquarters in Midland, TX had been affected by Medusa. During the attack on the multinational’s servers, the ransomware group managed to exfiltrate over 1 TB of data, much of which concerned industrial projects, administrative documents, and copies of passports of US and Canadian citizens, but also SSNs and a copy of a Canadian citizen's firearms license.
Below are some examples
At the moment we have no information regarding the size of the ransom, but we assume, given the high profile of the victim, that the amount requested by Medusa could be 7 digits.
SuspectFile.com will update the article in case of new items.