RE/MAX Targeted in Alleged Ransomware Attack by Medusa Gang

RE/MAX, one of the world’s largest real estate networks with over 9,000 offices globally, has reportedly been targeted in a ransomware attack by the notorious Medusa group. The cybercriminals claim they’ve stolen 150GB of data and are demanding $200,000 to delete it.

The breach has not yet been confirmed by RE/MAX, but on Tuesday, Medusa listed the company on its dark web leak site and shared a small sample of the stolen files. The post includes a countdown timer giving the company less than 18 days to pay up before the full data is released publicly. Medusa is also offering to extend the deadline by one day for $10,000.

The leaked samples include personal information of real estate agents from multiple countries — such as full names, photos, email addresses, business phone numbers, and year-to-date commissions. Many of these details are likely already public as part of agents’ online profiles, but internal documents also show private financial information, including commission payouts, fee structures, and quotas. Some of the files date back to 2021.

There are also screenshots of property photos and layouts, and even a franchise termination letter.

Cybersecurity expert Nojus Girdenis from Cybernews says that while the leaked sample doesn’t seem highly sensitive, the full 150GB could contain more damaging data.

“A big leak from a major real estate company shows serious failure in data governance,” Girdenis said. He added that the stolen information could be used for identity theft, financial fraud, or targeted phishing attacks. There’s also a risk of property-related scams that could impact RE/MAX’s clients.

If the breach is confirmed, RE/MAX could face significant financial losses, legal troubles, and damage to its reputation.

Cybernews has reached out to RE/MAX for a comment, but the company has not yet responded.