No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company.

“All John R. Wood customer data is located in third-party solutions,” President Corey McCloskey said. “We had an internal security event, which does not include any customer data.”

Here’s what to know.

What does Medusa claim in ransomware attack made in Naples, Florida?

Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate group in exchange for deleting the stolen data or else it planned to sell the information on the dark web.

That’s according to researchers at Comparitech, a site covering cybersecurity topics since 2015.

“They’re quite a successful ransomware gang,” said Rebecca Moody, head of research at Comparitech.

Where have similar ransomware attacks occurred in the state of Florida?

The attack is bringing to light an increasingly common threat to companies and agencies with online business operations.

In 2019, the city of Riviera Beach in Palm Beach County agreed to pay a $600,000 ransom to retain access to its data which had been compromised in an attack. In 2023, St. Lucie County tax collector had its computer system shut down in another attack. The Palm Beach County Supervisor of Elections made public a 2016 ransomware attack in 2020.  Five years, the city of Naples was scammed out of $700,000 in a spearphishing cyber-attack.

Does the Collier County sheriff’s office investigate ransomware cases?

The Collier County sheriff’s office does not investigate ransomware cases but has shared tips from The Federal Trade Commission with the community on the best way to prevent these types of cyber crimes.

The FTC warns against clicking links from individuals you don’t know, which can download viruses onto your computer. Companies should also ensure they have anti-malware and anti-virus software and that they keep said software up to date.

The Federal Bureau of Investigation suggests coming up with a plan in case your business is attacked, and backing up your data regularly to ensure continued access in the event of an attack.

How long has Medusa been preying on companies and governments?

Moody said Medusa first came on the scene in 2019 and has claimed responsibility for at least nine confirmed ransomware attacks this past year on entities including a Michigan school district, an Indiana credit union and a national health care provider offering dialysis.

The group infiltrates entities through weaknesses in their security software, or else hacks their systems through phishing emails to employees.

“They’ll get in, loiter around for a while, then launch the attack,” Moody said.

What is a ransomware attack? How does the crime usually operate?

Once the cyber gang announces its presence and makes its demands, the clock starts. From there, targets have a specified amount of time to pay the ransom in order to avoid publication or sale of its stolen data.

“By the time they’re on the site that tends to be the end of the game, they’ve been hacked,” Moody said. “(The data) will often go on the dark web, and we don’t really follow it any farther.”

What’s ‘almost taboo’ when it comes to ransomware attacks?

Moody said targeted groups don’t often publicly share details of the attacks and whether they’ve made ransom payments, fearing it opens them up to repeat attacks.

“It’s almost taboo,” she said. “A lot of times companies will do everything they can to not admit to have suffered a ransomware attack.”

How much data does Medusa claim it stole from Collier County firm?

Medusa claimed last month to have stolen 1.07 terabytes of data. According to DropBox, a terabyte can hold up to 6.5 million document pages, 500 hours of HD video or 250,000 photos.

McCloskey declined comment on the type of data that was compromised in the attack. She did not say whether the group had paid and if it had reported the breach to authorities. But she added it was following the “specific laws in Florida.”

What does Florida law require when there’s a cyber attack?

Florida law requires that companies notify the state attorney general’s office within 30 days of a cyber attack, with the potential for extensions on doing so. The same statutes outline requirements for notifying customers publicly.

“As you can probably imagine, this is sort of (an) internal event that we’re still dealing with,” McCloskey said, “If you would please respect our privacy while we’re trying to work through it, that would be greatly appreciated, but I just really want to stress that no customer data at all has been affected.”

Chase Sizemore, the Attorney General’s press secretary, said Thursday the office had received notification on the incident.

Shopping: What are Kohl’s and Five Below plans for SW Florida expansion? What other stores are opening?

How can property owners sign up for ‘risk alert notifications?’

In general, there’s a rise in real estate scams, in particular the fraudulent transfer of deeds or a criminal pretending to be a buyer or seller and convincing victims to wire money for a deposit, according to the Collier County Clerk of the Circuit Court and Comptroller office.

The Clerk’s office has a fraud alert system to monitor legally recorded documents, like real estate deeds. While it concedes this won’t stop the scammer, it can help someone learn about the incident and file a complaint faster, reducing this impact.

Only about 5,000 have signed up, and the agency has been trying to get the word out on the program that can be found at collierclerk.com by clicking on the “risk alert notifications” button.

Resort: Great Wolf Lodge: How many millions of pounds of steel and concrete in Naples? How big?

What tips does the FBI recommend when it comes to cybersecurity?

• Keep operating systems, software, and applications current and up to date.

• Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.

• Back up data regularly and double-check that those backups were completed.

• Secure your backups. Make sure they are not connected to the computers and networks they are backing up.

• Create a continuity plan in case your business or organization is the victim of a ransomware attack.

Phil Fernandez of the USA TODAY Network contributed to this report.

This article originally appeared on Naples Daily News: SW Florida company got hit by $2 million Medusa ransomware attack