Ransomware victim disclosure
← All victimsCurtain Bluff
Claimed by Medusalocker · listed 1 year ago
Status timeline
- ListedMar 25, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusalocker
- Status
- Data leaked
- Country
- Antigua & Barbuda
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 25, 2025
About the victim
AI dossier — public-source company profileCurtain Bluff is an award-winning luxury resort located on Antigua's south coast in the Caribbean. The all-inclusive property features 72 suites and guest rooms, multiple dining venues, spa facilities, tennis courts, and water sports activities, positioning itself as an intimate high-end destination for vacationers and special events.
- Industry
- Luxury Hotel & Resort
- Address
- P.O. Box 288 Old Road, Antigua, West Indies
Attack summary
Severity: critical — Confirmed exfiltration of guest PII at scale, financial records, and login credentials from a luxury hospitality provider. Guest personal data and bank statements represent regulated sensitive information affecting potentially hundreds of individuals.MedusaLocker claims to have exfiltrated guest and operational data from Curtain Bluff, including vacationer personal information, financial records (bank statements), internal documentation, and approximately 500 login credential pairs. The group is demanding $120,000 ransom.
Data the group says was taken
AI dossier — extracted from the leak post- Guest personal data
- Bank statements and transaction records
- Audit documentation (multiple years)
- Internal organizational documents
- Menu and operational records
- Login credentials (500+ pairs)
What the group claims
www.curtainbluff.com Curtain Bluff files Vacationer information (personal data), audit information (including past years), bank activity (statements with all transactions), internal organization documentation (even the menu) and other documents.There are also large amounts of account data (about 500 unique login/password pairs). Price – $120,000
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

