Ransomware victim disclosure
← All victimsJohn H. Wellons Foundation, Inc.
listed as wellons.org · Claimed by Medusalocker · listed 3 years ago
Status timeline
- ListedOct 23, 2023
- Data leakeddate unknown
At a glance
- Group
- Medusalocker
- Status
- Data leaked
- Listed on leak site
- Oct 23, 2023
About the victim
AI dossier — public-source company profileThe John H. Wellons Foundation, Inc. is a North Carolina-based nonprofit organization founded in 1950 that provides affordable and accessible housing for seniors and physically handicapped individuals. Operating multiple properties across North Carolina, South Carolina, and Virginia, the foundation serves vulnerable populations seeking safe, care-free living arrangements.
- Industry
- Senior Housing & Affordable Housing Services
- Address
- 2004 W. Cumberland Street, Dunn, North Carolina 28334
- Founded
- 1950
Attack summary
Severity: high — Confirmed exfiltration of employee information and 15+ years of organizational email/communications. The victim serves vulnerable seniors; compromise of customer data poses significant privacy and safety risk. Data published with ransomed pricing demonstrates active exploitation.MedusaLocker claims to have exfiltrated employee information, agreements, customer email files (.xls), and 15+ GB of Outlook PST messages spanning 2006–2023. The group is asking $55,000 ransom and has published the data.
Data the group says was taken
AI dossier — extracted from the leak post- Employee information
- Agreements
- Customer email files
- Outlook PST messages (2006–2023)
- 15+ GB email archive
What the group claims
Descriptionemployee information – agreement – customer email(.xls)- pst files 15+GB all outlook message 2006-2023 year Price: 55000$
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

