Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand
Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid.
The Medusa ransomware group has leaked 186.36 GB of compressed data it claimed to have stolen from Comcast Corporation, a global media and technology company. According to Hackread.com’s earlier report, the group stated that it breached Comcast in late September 2025 and obtained a total of 834 GB of data.
The leaked 186 GB archive, once decompressed, should amount to around 834 GB of data, based on the group’s claims.
The data trove was released on Sunday, October 19. The ransomware group had initially demanded $1.2 million from potential buyers to download it, the same amount it asked Comcast to pay for the data to be deleted instead of leaked or sold.
Medusa Ransomware group’s dark web leak site, where it claimed Comcast as its victim – These claims were published on Friday, September 26, 2025 (Image credit: Hackread.com)
The sample data analysed by Hackread.com during its coverage of the group’s initial claims included numerous records, such as files named Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, and various Python and SQL scripts related to auto premium impact analysis.
Hackread.com reached out to Comcast regarding the incident but did not receive a response, acknowledgement, or denial from the company. The leaked data is now available for download in 47 split files titled Comcast_FS, with 45 files sized at 4 GB each and one file measuring 2 GB.
Screenshot from the Medusa ransomware group’s dark web leak site (Credit: Hackread.com)
The Medusa ransomware group is known for targeting major organisations. On April 8, 2025, it announced an attack on NASCAR with a $4 million ransom demand. The incident was later confirmed as a data breach in July 2025, showing that the group carried out its threats when negotiations failed.
Earlier this month, Microsoft issued a security advisory warning organisations that the Medusa ransomware group was actively exploiting the GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) for unauthenticated remote code execution.
Comcast now joins the growing list of companies targeted by ransomware groups. In 2023, its Xfinity brand suffered a major breach caused by a critical vulnerability in Citrix software, which affected more than 35.9 million user accounts.