Clop targets Kellogg and Medusa Ransomware hits NASCAR
Clop Ransomware Targets WK Kellogg Co. in Cyber Attack
WK Kellogg Co., now operating as a separate entity from the Kellogg Company, has fallen victim to a cyber-attack, believed to be a ransomware attack. After conducting a technical investigation, the company discovered in February 2025 that cybercriminals, reportedly from the Clop ransomware group, may have infiltrated its network as early as 2024, potentially stealing sensitive data from its servers.
A third-party assessment suggests that the breach could have been linked to the Cleo Data Theft Attack that made headlines last year. This attack was enabled by a vulnerability in Cleo software, which allowed the threat actors to access and exfiltrate data from Kellogg’s servers.
Clop ransomware is a notorious hacking group involved in data extortion activities since 2019. The group is known for deploying malware through phishing campaigns to infiltrate networks, followed by a strategy of double extortion, where data is both stolen and encrypted.
One of the defining characteristics of Clop ransomware is that it does not target Russian organizations. The group also focuses on exfiltrating data rather than encrypting it. Security experts suggest that the group’s tactics still result in significant financial gains, as the stolen data is used to extort victims.
Another notable aspect of Clop’s strategy is its tendency to strike during weekends or public holidays, when IT staff are less available to respond. In 2023, the group launched a more sophisticated attack by infecting MOVEit software.
Medusa Ransomware Strikes NASCAR with Data Breach
The Medusa Ransomware group has claimed responsibility for releasing a dataset on its data-leak website, which it asserts contains sensitive information linked to NASCAR, the renowned American auto racing organization. Based on an analysis of the leaked data, the dataset appears to include personal information about NASCAR employees, such as names, email addresses, job titles, and login credentials.
The ransomware gang has posted a message alongside the dataset, demanding a ransom of $4 million, with a deadline of 10 days for payment. If the ransom is not paid, the Medusa group has threatened to sell the stolen data to interested buyers.
Further investigation is underway, and additional details are expected to emerge soon.