Ransomware victim disclosure
← All victimsCurtain Bluff
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedMar 25, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- Antigua & Barbuda
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 25, 2025
- Ransom demanded
- $120.000
About the victim
AI dossier — public-source company profileCurtain Bluff is a hospitality business operating under the domain curtainbluff.com. Based on the leaked data scope, it appears to be a resort or hotel property serving vacationers.
- Industry
- Hospitality and Tourism
Attack summary
Severity: critical — Confirmed exfiltration of multiple regulated/sensitive data categories: PII at scale (vacationers), financial records (bank statements with transactions), and credential compromise. The combination of personal guest data, financial information, and operational access credentials presents severe risk to guest privacy and business security.Medusalocker claims to have exfiltrated vacationer personal data, audit records, bank statements, internal organizational documentation, and approximately 500 login/password credential pairs from Curtain Bluff's systems.
Data the group says was taken
AI dossier — extracted from the leak post- Vacationer personal information (PII)
- Audit records and historical reports
- Bank statements and transaction records
- Internal organizational documentation
- Operational records (e.g., menus)
- Login/password credentials (~500 pairs)
What the group claims
www.curtainbluff.com Curtain Bluff files Vacationer information (personal data), audit information (including past years), bank activity (statements with all transactions), internal organization documentation (even the menu) and other documents.There are also large amounts of account data (about 500 unique login/password pairs). Price – $120,000
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

