Ransomware Group intelligence
Hive
Inactive
Track Hive with 208 published victims and 3 known leak locations in a single intelligence view.
Overview
Hive is tracked by Breach House as a ransomware group with 208 published victims.
United States is currently the most targeted country in this dataset.
3 known leak locations are currently associated with this group.
Known Leak Locations (3)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Onion service | Unknown | hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion |
| Leak location 2 | Onion service | Unknown | hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion |
| Leak location 3 | Onion service | Unknown | hiveapi4nyabjdfz2hxdsr7otrcv6zq6m4rk5i2w7j64lrtny4b7vjad.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
No ransom notes available for this group.
Tools Used
No tools used available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (0)
No IoCs available for this group.
Negotiation Chats (0)
No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (208)
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | R C Stevens Construction id5262 | | | Construction / Real Estate | — |
R. C. Stevens Construction Co. is a reputable construction firm based in Winter Garden, Florida, specializing in high-quality commercial construction services since 1926. The company provides new construction and renovation services with an emphasis on design/build for industrial, commercial, and healthcare markets. With over 95 years of experience, the firm emphasizes integrity, quality, and innovation in its projects. R. C. Stevens Construction Co. was listed as a ransomware victim associated with the threat actor hive. |
| Ransomware | G.W. Becker id5227 | | | Communication / Marketing | — |
G.W. Becker, Inc. is a family-owned U.S. company based in Hermitage, Pennsylvania, that provides overhead cranes, hoists, lifting solutions, and related field services. Its site says it delivers complete solutions tailored to customer facilities, workflows, and long-term goals. The company has operated since 1980 and serves industrial clients through sales, maintenance, repairs, and support. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Consulate Health Care id5197 | | | Healthcare / Pharma | — |
consulatehc.com is the website of Consulate Health Care, a U.S.-based senior healthcare provider focused on post-acute care and related services. Company listings place its headquarters in Maitland, Florida, and describe its operations as part of the healthcare services and elderly care sector. Public business profiles also identify it as a national provider serving patients and residents across multiple care settings. It was listed as a ransomware victim associated with hive. |
| Ransomware | Centro Médico Virgen De La Caridad id5163 | | | Healthcare / Pharma | — |
cmvcaridad.com belongs to Hospital CMV Caridad, also branded as Ribera Virgen de la Caridad, a healthcare provider in Cartagena, Murcia, Spain. The group operates a hospital and related medical services, including urgent care, general medicine, nursing, X-ray, clinical analyses, PCR testing, and specialty outpatient centers. Its published address is C/ Jorge Juan, 30, Cartagena. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Camst Group id5160 | | | Hospitality / Food & Beverage / Tourism | — |
Camst Group is an Italy-based catering and facility-services company headquartered in Villanova di Castenaso, Bologna. It provides collective and commercial catering, including meals for schools, hospitals, companies, events, and other service settings. The company also offers banqueting and facility services across the country, serving hospitality, food and beverage, and tourism-related needs. In this index, camstgroup.com was listed as a ransomware victim associated with Hive. |
| Ransomware | MHMR Authority Of Brazos Valley id4956 | | | Public Sector | — |
mhmrabv.org belongs to MHMR Authority of Brazos Valley, a public nonprofit community MHMR center in Bryan, Texas. The organization serves adults and children with mental illness and intellectual and developmental disabilities, and it provides mental health, crisis, and related support services. Its crisis program operates 24/7 and serves as an entry point for eligibility assessment and emergency support. In threat-intelligence listings, mhmrabv.org was identified as a ransomware victim associated with Hive. |
| Ransomware | Alvaria id4952 | | United States | IT | — |
Alvaria, Inc. is a US-based software company in the IT sector that provides contact center infrastructure and customer experience technology for enterprises. Its offerings include outbound engagement, workforce, and compliance-focused platforms used to improve customer and patient interactions. The company says it serves global customers from its Atlanta-area headquarters and international offices. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Interface id4938 | | United States | Other | — |
Interface is a US-based commercial flooring company headquartered in Atlanta, Georgia. It designs, produces, and sells modular carpet tile, resilient flooring, and related hard-surface products for commercial spaces. The company describes itself as a global leader in modular flooring and highlights sustainability as a core part of its offering. In threat-intelligence listings, Interface was associated with the ransomware actor Hive as a victim. |
| Ransomware | North Idaho College id4934 | | | Education | — |
North Idaho College is a public community college in Coeur d'Alene, Idaho, with additional locations in Post Falls and Rathdrum. It offers more than 80 degrees and certificates, including transfer programs and career and technical education. The college serves students through academic, workforce, and training programs across its regional campuses in northern Idaho. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Innovative Education Management id4933 | | | Education | — |
Innovative Education Management (IEM) is a California education organization based in Placerville, California, that develops and operates charter schools. It has served California charter schools since 1998 and offers a tuition-free, individualized education model through independent-study and public charter programs. Public profiles describe it as focused on personalized learning and school management services for students and families. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Dixons Allerton Academy id4932 | | | Education | — |
Dixons Allerton Academy is an all-through school and sixth form in Allerton, Bradford, West Yorkshire, England. It serves pupils from primary through post-16 education and operates within the education sector. The academy is located on Rhodesway in Bradford and is part of the Dixons Academies Trust. It was listed as a ransomware victim associated with Hive. |
| Ransomware | City Of Huntsville, Texas id4931 | | | Public Sector | — |
City Of Huntsville, Texas is a municipal public sector government in Huntsville, Texas, serving residents through city departments and administrative services. The city’s official website and municipal directory identify it as the City of Huntsville, with offices at 1212 Avenue M and a local government structure that supports public health, safety, and welfare. It operates as a city administration in the United States and provides public information, services, and community notices. The City of Huntsville, Texas was listed as a ransomware victim associated with hive. |
| Ransomware | JAKKS Pacific Inc id4914 | | | Communication / Marketing | — |
JAKKS Pacific Inc. is a U.S.-based company headquartered in Santa Monica, California, that designs, develops, produces, and markets toys, games, leisure products, and other consumer products sold worldwide. The company operates as a multi-brand manufacturer and marketer with a broad consumer-facing portfolio. In threat-intelligence catalogs, it is listed as a ransomware victim associated with hive. |
| Ransomware | Stolle Machinery id4913 | | | Manufacturing / Engineering | — |
Stolle Machinery is a U.S.-based manufacturing and engineering company headquartered in Centennial, Colorado, with additional operations in Ohio and other global locations. It develops and supports machinery for the can-making industry, including equipment used to produce two-piece cans and ends. The company says it maintains facilities around the world to provide local service and support to customers. It was listed as a ransomware victim associated with hive. |
| Ransomware | Mark-Taylor id4845 | | | Other | — |
Mark-Taylor is a privately held real estate company based in Scottsdale, Arizona, focused on multifamily development, ownership, investment, and property management. It operates in the residential rental sector and is known for luxury apartment communities across Arizona and other U.S. markets. The company presents itself as a regional developer and manager of premier multifamily communities. It was listed as a ransomware victim associated with hive. |
| Ransomware | Expand Group id4844 | | | Services | — |
Expand Group is a Services-sector company based in the United States. Publicly available business context for the name is limited in the provided results, so this listing uses only the confirmed sector and country. It is indexed here for threat-intelligence reference under the Hive ransomware ecosystem. The company was listed as a ransomware victim associated with hive. |
| Ransomware | KNOX College id4782 | | | Education | — |
Knox College is a private liberal arts college in Galesburg, Illinois, United States. It serves undergraduate students with a broad liberal arts curriculum and programs that include educational studies for future teaching licensure. The campus is city-based and the college describes itself as nationally ranked and devoted to personalized education. It was listed as a ransomware victim associated with Hive. |
| Ransomware | INTERSPORT France id4742 | | | Other | — |
INTERSPORT France is a French sporting goods retailer based in Longjumeau, near Paris, and part of the wider INTERSPORT network. It distributes sports apparel, footwear, equipment, and related leisure products through a national retail and logistics footprint in France. Founded in 1924, the company serves consumers and sports clubs across the country. It was listed as a ransomware victim associated with hive. |
| Ransomware | Guilford College id4661 | | | Education | — |
Guilford College is a private not-for-profit higher education institution located in Greensboro, North Carolina, offering bachelor's degrees including an Education Studies major with teacher licensure and non-licensure tracks. The college emphasizes practical field study and close student-faculty relationships through its Education Studies Department. It serves approximately 1,160 undergraduate students and provides a city-atmosphere campus experience in Greensboro. Guilford College was listed as a ransomware victim associated with the threat actor hive. |
| Ransomware | Norman Public Schools id4646 | | | Education | — |
Norman Public Schools is a public school district in Norman, Oklahoma, serving students in grades PK-12 across 26 schools and academies. It is the eighth-largest district in Oklahoma and operates near the University of Oklahoma, providing academic programs and educational services for the community. The district’s administrative center is at 131 S. Flood Ave. in Norman. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Hydro-Gear & Agri-Fab id4608 | | | Agriculture / Food | — |
Hydro-Gear & Agri-Fab is a US-based entity headquartered in Sullivan, Illinois, specializing in drivetrain solutions and lawn care attachments for the agriculture, recreational, and residential markets. Hydro-Gear, founded in 1991, is the world's leading manufacturer of precision drive systems including hydrostatic drives and transaxles, while Agri-Fab produces lawn care attachments for homeowners. The group serves the commercial, residential, and electric markets with trusted machinery components. Hydro-Gear & Agri-Fab was listed as a ransomware victim associated with the hive threat actor. |
| Ransomware | LCMH id4581 | | | Other | — |
LCMH appears to refer to Lake Charles Memorial Health System, a healthcare provider serving Southwest Louisiana from Lake Charles, Louisiana. Its network includes Lake Charles Memorial Hospital, and it describes itself as the region's largest family-centered medical complex. The organization provides medical care across the community and surrounding area. It was listed as a ransomware victim associated with hive. |
| Ransomware | MCCROSSAN id4559 | | | Other | — |
MCCROSSAN is a Minnesota-based regional highway and heavy civil general contractor headquartered in Maple Grove, with operations focused on infrastructure and construction services in the Twin Cities area. The company’s work supports roads, highways, and related civil projects, reflecting a broader construction sector profile. Public company information also places MCCROSSAN in Maple Grove, Minnesota, United States. It was listed as a ransomware victim associated with hive. |
| Ransomware | APM Terminals id4542 | | | Other | — |
APM Terminals is a port operating company headquartered in The Hague, Netherlands, that manages container terminals and provides integrated cargo and inland services across 38 countries on five continents. The company operates 74 port and terminal facilities globally, serving shipping line and landside customers while seamlessly integrating land and sea to ensure supply chains remain safe and undisrupted. With more than 22,000 industry professionals and over 60 terminals in its network, APM Terminals is part of Maersk, an integrated transport and logistics leader. The company was listed as a ransomware victim associated with the Hive threat actor. |
| Ransomware | TCQ id4538 | | | Other | — |
TCQ is a United States-based company in the Other sector, meaning it operates outside a specific industry category such as healthcare, finance, or manufacturing. Publicly available threat-intelligence records do not provide enough verified detail here to describe its offerings without risking invention. Hive was a ransomware-as-a-service group active against organizations worldwide and disrupted by law enforcement in 2023. TCQ was listed as a ransomware victim associated with Hive. |
| Ransomware | ROYAL GATEWAY CO., LTD id4537 | | | Services | — |
ROYAL GATEWAY CO., LTD is a company based in Bangkok, Thailand, operating within the Services sector, with offerings potentially linked to beverage distribution and business services. The company is located in Khlong Toei Nuea, Bangkok, and employs approximately 51 to 200 people, indicating a mid-sized operational footprint. While some sources associate it with beverage manufacturing or document management, its primary classification aligns with Services. The company was listed as a ransomware victim associated with the hive threat actor. |
| Ransomware | Cornwell Quality Tools id4535 | | | Other | — |
Cornwell Quality Tools is a privately held American company based in Wadsworth, Ohio, that manufactures and sells professional tools and storage equipment. It serves automotive and aviation technicians through mobile tool franchise owners and direct sales channels. Founded in 1919, the company promotes itself as a long-running mobile tool brand for professional users in the United States. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Landi Renzo id4456 | | | Other | — |
Landi Renzo S.p.A. is an Italian company headquartered in Cavriago, in the Province of Reggio Emilia, Italy. It designs, manufactures, markets, installs, and sells LPG and CNG fuel supply systems for vehicles, serving the sustainable mobility and infrastructure sectors. The company is known for gas-fuel components and systems used in the motor vehicle market. Landi Renzo was listed as a ransomware victim associated with hive. |
| Ransomware | Tata Power id4388 | | | Energy | — |
Tata Power Company Limited is an Indian electric utility and integrated power company based in Mumbai, Maharashtra, India. It operates across electricity generation, transmission, distribution, renewables, solar EPC, EV charging, and rural electrification, making it one of India’s largest power businesses. Its portfolio spans conventional and clean-energy services for residential, commercial, and industrial customers. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Município De Loures id4306 | | | Other | — |
Município De Loures is the municipal government of Loures, a city and municipality in Portugal in the Lisbon metropolitan area. It manages local public administration and citizen services, including citizen support centres and related municipal services. As a public-sector entity, it operates in the government sector and serves residents across the Loures area. It was listed as a ransomware victim associated with hive. |
| Ransomware | Mansfield Independent School District (MISD) id4263 | | | Education | — |
Mansfield Independent School District is a public K-12 school district in Mansfield, Texas, in the Dallas-Fort Worth Metroplex. It serves students from pre-kindergarten through 12th grade across a broad area of the city and nearby communities. As an Education-sector institution, MISD provides district-wide instruction and related student services. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Southwell, Inc. id4251 | | | Services | — |
Southwell, Inc. is a not-for-profit healthcare system in Tifton, Georgia, serving South Central Georgia with hospitals, clinics, and related medical services. Its offerings include inpatient and outpatient care, physician services, and specialty and rehabilitation support for local patients. Public company listings describe Southwell as operating in the Services sector and based in Tifton, Georgia. It was listed as a ransomware victim associated with hive. |
| Ransomware | Hendry Regional Medical Center id4244 | | | Healthcare / Pharma | — |
Hendry Regional Medical Center is a healthcare and pharma facility located at 524 West Sagamore Avenue in Clewiston, Florida, serving Hendry County with comprehensive medical services including urgent care and rural health outreach. The hospital operates 24 hours a day and provides financial assistance programs for uninsured or underinsured residents, ensuring access to medically necessary care. It also manages affiliated clinics such as the Hendry Regional Convenient Care Center in LaBelle, extending its healthcare offerings across the region. Hendry Regional Medical Center was neutrally listed as a ransomware victim associated with the threat actor hive. |
| Ransomware | JANMARINI id4242 | | | Other | — |
JANMARINI is a United States skin care company in the Other sector, associated with Marini SkinSolutions in San Jose, California. Public company materials describe it as an award-winning professional skincare brand that develops and markets solutions for a range of skin concerns. Its offerings are positioned for both individuals and skin care professionals, with products focused on science-based skincare. The company was listed as a ransomware victim associated with hive. |
| Ransomware | TAKAO-UK id4241 | | | Other | — |
TAKAO-UK is a United Kingdom-based company in the broad “Other” sector, indicating a business outside standard industry categories such as finance, healthcare, or manufacturing. Publicly available company records should be used to confirm its specific offerings and operating profile. Threat-intelligence indexes use the name to track entities associated with ransomware activity and related cyber-extortion campaigns. It was listed as a ransomware victim associated with hive. |
| Ransomware | GFG id4240 | | | Other | — |
GFG Alliance is an industrial group based in London, England, operating across manufacturing and energy-related businesses. It serves industrial manufacturing and energy sectors from its headquarters in Mayfair, London. In threat-intelligence catalogs, GFG is indexed under the broad sector label “Other” when the target entity is listed outside a narrower industry classification. It was listed as a ransomware victim associated with Hive. |
| Ransomware | TSMTU id4239 | | | Other | — |
TSMTU is a healthcare organization in Tennessee, operating in the medical sector and serving patients through clinical and care-related services. Public location information shows it is based in Johnson City, Tennessee, with additional sites in nearby East Tennessee communities. Its offerings include patient care delivered through multiple health-focused locations and specialty clinics. It was listed as a ransomware victim associated with Hive. |
| Ransomware | BHARBERT id4219 | | United States | Other | — |
BHARBERT is a US company categorized in the broad other sector, indicating its business does not fit a standard industry label provided in the listing. Based on the available record, it is a named organization with operations in the United States. The entry does not supply a detailed public description of its products or services, so only its country and sector can be stated confidently. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Sigmund Software id4211 | | United States | IT | — |
Sigmund Software is a U.S.-based IT company headquartered in Danbury, Connecticut. It develops and supports electronic health record (EHR) software for behavioral health and addiction treatment organizations, with products used by providers in related care settings. Its platform and services are positioned for clinical, administrative, and revenue-cycle workflows in those sectors. The company was listed as a ransomware victim associated with Hive. |
| Ransomware | New York Racing Association id4200 | | United States | NGOs / Associations | — |
The New York Racing Association (NYRA) is a not-for-profit racing association based in New York, United States. It holds the exclusive franchise to conduct thoroughbred racing at Aqueduct Racetrack, Belmont Park, and Saratoga Race Course. NYRA operates these major tracks and supports racing events, operations, and related services across its venues. It was listed as a ransomware victim associated with hive. |
| Ransomware | Bell Technical Solutions id4187 | | Canada | IT | — |
Bell Technical Solutions is a Canadian telecommunications and IT services company and a wholly owned subsidiary of Bell Canada. It specializes in installing and supporting Bell services such as Home Phone, Internet, and Fibe TV for residential and business customers. The company operates across Québec and Ontario, with a primary base in Mississauga, Ontario. It was listed as a ransomware victim associated with Hive. |
| Ransomware | FONTAINEBLEAU id4182 | | United States | Other | — |
Fontainebleau is a US-based hospitality and real estate development group with properties and branding in Miami Beach and Las Vegas. Its portfolio includes luxury hotels, resorts, dining, entertainment, retail, and residential offerings, and its headquarters are in Aventura, Florida. The Fontainebleau name is also used for its Las Vegas resort and casino, a high-end destination on the Strip. Fontainebleau was listed as a ransomware victim associated with Hive. |
| Ransomware | California-Oregon Telecommunications Company id4098 | | United States | Telecommunications | — |
California-Oregon Telecommunications Company is a US telecommunications provider serving customers in Northern California and Southern Oregon. Public company materials describe Cal-Ore as a full-service carrier offering internet, phone, data, and related communications services to residential, business, and institutional users. It operates as a regional local exchange and broadband provider with a long-standing presence in the area. It was listed as a ransomware victim associated with hive. |
| Ransomware | Eurocell id4072 | | United Kingdom | Other | — |
Eurocell is a British building-products group based in Derbyshire, England, that manufactures, recycles and distributes PVC-U profiles and related window, door and roofing products. It supplies trade customers with sustainable solutions for residential and commercial property projects. The company was founded in 1974 and operates from its head office and distribution centre in South Normanton, Alfreton. Eurocell was listed as a ransomware victim associated with hive. |
| Ransomware | NCG Medical id4058 | | United States | Healthcare / Pharma | — |
NCG Medical is a US-based healthcare services company headquartered in Orlando, Florida, with additional offices in Florida, Pennsylvania, and Puerto Rico. It provides medical insurance billing, revenue cycle management, practice management, electronic health records, and related consulting for ambulatory practices and other healthcare clients. The company says it has supported medical billing and RCM services since 1979 and serves surgery centers, cancer centers, hospitalists, and physician practices. It was listed as a ransomware victim associated with hive. |
| Ransomware | Altice International id4014 | | Netherlands | Services | — |
Altice International is a Netherlands-based services company within the Altice telecom group, operating from Amsterdam. It provides telecommunications services including broadband internet, fixed-line telephony, mobile, and pay-television offerings to residential and corporate customers across its markets. The group is part of the broader Altice structure associated with cable, fiber, telecommunications, content, and media operations. It was listed as a ransomware victim associated with hive. |
| Ransomware | Baton Rouge General id4011 | | United States | Other | — |
Baton Rouge General is a healthcare provider in Baton Rouge, Louisiana, serving patients through hospital and clinic locations across the city and nearby areas. Its services include primary care, urgent care, specialty clinics, emergency care, and patient tools such as online scheduling and MyChart access. The organization operates facilities at Mid City and Bluebonnet, with additional services in the surrounding region. It was listed as a ransomware victim associated with Hive. |
| Ransomware | Reiter Affiliated Companies id3973 | | United States | Other | — |
Reiter Affiliated Companies is a family-owned agricultural grower headquartered in Oxnard, California, recognized as the world's largest fresh multi-berry producer. The company cultivates proprietary varieties of strawberries, raspberries, and other berries for Driscoll's, operating farms across the US, Canada, Mexico, and beyond. Its offerings include premium fresh berries supplied to global markets, supported by a business model rooted in farming entrepreneurship since 1868. Reiter Affiliated Companies was listed as a ransomware victim associated with the threat actor hive. |
| Ransomware | WOOTTON ACADEMY TRUST id3963 | | | Education | — |
Wootton Academy Trust is an education trust in Bedford, England, centred on Wootton Upper School on Hall End Road. It serves pupils in secondary education and sixth-form provision, educating more than 1,600 students across its school setting. The trust’s public profiles and school materials place it in the education sector and identify its Bedford location. It was listed as a ransomware victim associated with Hive. |
| Ransomware | TriState HVAC Equipment id3952 | | United States | Public Sector | — |
TriState HVAC Equipment is a Philadelphia-area company that provides commercial HVAC mechanical systems, air distribution, and central system equipment. It serves customers across Pennsylvania, Delaware, and New Jersey, including hospitals, schools, institutions, labs, and other commercial buildings. The company is described as a representative, distributor, and integrator of HVAC products and related support services. It was listed as a ransomware victim associated with hive. |
| Ransomware | ENN Group id3903 | | China | Services | — |
ENN Group is a Chinese energy company based in China and one of the country’s largest privately held firms. It develops and operates natural gas projects and provides clean-energy services, including gas sales, distribution, and related energy supply operations. Public company profiles also describe it as active in natural gas project development and operation across China. It was listed as a ransomware victim associated with Hive. |
| Ransomware | CIMEX id3876 | | | Other | — |
CIMEX is a pest management company headquartered in Rockaway, New Jersey, United States, offering residential, commercial, and industrial pest control services across the Phoenix Metropolitan Area and beyond. The firm provides tailored solutions for a wide range of clients, including homes, businesses, and large industrial facilities, leveraging experienced technicians and targeted strategies. As part of the Other sector, CIMEX operates without a single dominant product line but delivers comprehensive environmental health services. The company was listed as a ransomware victim associated with the threat actor hive. |
| Ransomware | Weidmueller id3875 | | United States | Other | — |
Weidmuller USA is the North American arm of Weidmüller, a global industrial connectivity and automation company headquartered in Richmond, Virginia. The company says it provides smart industrial connectivity and automation products and solutions, and the wider Weidmüller Group develops electrical connection and automation technologies for industrial applications. Its U.S. operation supports customers from Richmond, while the group maintains production and distribution in more than 80 countries. Weidmueller was listed as a ransomware victim associated with hive. |
| Ransomware | Empress EMS id3867 | | | Communication / Marketing | — |
Empress EMS is a New York-based emergency medical services provider serving Yonkers, Poughkeepsie, and the broader Hudson Valley and Westchester area. It provides emergency and non-emergency ambulance transport, including advanced and basic life support, and operates from locations in Yonkers and Poughkeepsie. The company says it has offered EMS and after-care transportation services since 1985. Empress EMS was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | LaVan & Neidenberg id3834 | United States | Other | — | |
|
LaVan & Neidenberg, P.A. is a South Florida law firm based in Plantation, Florida, serving clients across the US. Public listings describe its practice as focused on disability-related matters, including Social Security, long-term disability, veterans benefits, and debt harassment defense. The firm also appears in legal directories under personal injury and automobile accident work. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Carrolls Irish Gifts id3797 | Ireland | Other | — | |
|
Carrolls Irish Gifts is a leading retail company in Ireland, established in 1982, specializing in high-quality Irish gifts, clothing, jewelry, and souvenirs for all occasions. The company, headquartered in Dublin with additional locations across Ireland, stocks many leading Irish brands including Guinness, Carraig Donn, and Tipperary Crystal. It is a fully Irish-owned retailer with over 40 years of business experience, offering an extensive product range that celebrates heritage and tradition. Carrolls Irish Gifts was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | Behavioral Health System id3793 | United States | Healthcare / Pharma | — | |
|
Behavioral Health System is a US healthcare organization focused on behavioral health, a field that addresses mental health and substance use concerns through prevention, treatment, and ongoing support. Behavioral health providers typically include clinicians and care teams that deliver counseling, psychiatric care, and related services across inpatient and outpatient settings. In the US, behavioral health is commonly delivered through integrated medical and specialty care models. Behavioral Health System was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | FMT id3792 | Other | — | ||
|
FMT Consultants is a business technology consulting firm headquartered in Carlsbad, California, that specializes in integrated business management solutions and custom development. It serves organizations seeking technology consulting and implementation support. The company is generally categorized in the Other sector. In threat-intelligence indexes, FMT was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | CITY-FURNITURE id3791 | United States | Public Sector | — | |
|
City Furniture is South Florida's leading furniture and mattress retailer, operating numerous showrooms across the state with a focus on value and exceptional service. The company, headquartered in Fort Lauderdale, offers home furnishings and decor through both online platforms and in-store experiences, serving residential and commercial customers. With planned expansions throughout Southeast, Southwest, and Central Florida, City Furniture remains a fast-growing business in the furniture retail industry. The company was listed as a ransomware victim associated with the Hive threat actor in the United States Public Sector. |
|||||
| Ransomware | RALLYE-DOM id3790 | Other | — | ||
|
RALLYE-DOM is a France-based company in the Other sector, with public-facing business details not clearly disclosed in the available search results. Its name suggests an operating entity rather than a consumer brand, but the exact offerings and location are not confirmed by the sources provided. In threat-intelligence catalogs, it is referenced for monitoring as an indexed organization name. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | SANDO id3775 | Spain | Other | — | |
|
SANDO is a Spain-based organization in the Other sector, identified here for threat-intelligence cataloging rather than as a cybersecurity vendor or incident responder. Public information indicates it operates as a business entity in Spain, but this listing does not specify its exact offerings, so they are not inferred here. In threat-intelligence contexts, SANDO is referenced as a ransomware victim entry tied to the Hive ecosystem. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | RTVCM id3774 | Other | — | ||
|
RTVCM is an entity in the Other sector in Mexico. Publicly available search results do not clearly establish its exact business model, location, or offerings, so its profile should be treated as limited and non-specific. In threat-intelligence records, it appears as a named organization rather than a detailed operating company. RTVCM was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | AdaptIT id3773 | South Africa | Other | — | |
|
Adapt IT is a South Africa-headquartered IT services and software company based in Johannesburg, with offices in Midrand, Durban, Cape Town and other regional locations. It develops specialised vertical-market software and digitally led business solutions for sectors including education, financial services, energy, mining and telecommunications. Its offerings support customer experience, core operations, business administration and enterprise resource planning. The company was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Exela Technologies id3772 | United States | IT | — | |
|
Exela Technologies is a US-based information technology and business process automation company headquartered in Texas. It provides workflow automation, cognitive automation, digital mailroom, print communications, and payment-processing solutions for enterprise environments. The company serves industries such as banking, healthcare, and insurance, supporting mission-critical operations across global deployments. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | APETITO id3771 | United Kingdom | Other | — | |
|
Apetito is a UK food producer based in Trowbridge, Wiltshire, and part of the wider food and beverage manufacturing sector. It provides prepared meals and food services, with a focus on nutritious, sustainable meals for health and social care customers and other groups. The company also markets its Wiltshire Farm Foods brand in the UK. APETITO was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | GROUP4 AUSTRALIA id3770 | Australia | Services | — | |
|
GROUP4 AUSTRALIA is an Australian Services-sector company, part of a national economy where services dominate business activity and output. As a Services business, it operates in the broad Australian services market, which includes activities such as professional, administrative, and other business services. The company was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Authentic Brands Group id3769 | United States | Services | — | |
|
Authentic Brands Group is a New York–based brand development and licensing company in the services sector. It acquires, owns, and manages sports, media, entertainment, and lifestyle brands, then works through a partner network to commercialize them across countries and retail channels. The company’s public materials describe it as a global brand platform with broad retail and licensing reach. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | Yurtiçi Kargo id3733 | Türkiye | Other | — | |
|
Yurtiçi Kargo is a Turkish cargo and logistics company founded in 1982 and based in Turkey. It operates nationwide parcel and freight services through regional directorates and transshipment centers, serving customers with delivery and transportation offerings. The company is widely described as Turkey’s first cargo brand and a leading logistics operator. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Hamlyns Limited id3732 | United Kingdom | Other | — | |
|
Hamlyns Limited is a Woking, Surrey-based chartered accountancy firm that provides tailored accountancy, taxation, auditing, and business advisory services to clients in the UK. The company operates from Sundial House on High Street in Horsell and presents itself as an authorised training office for professional accountancy bodies. Its services position it in the broader business services category rather than a manufacturing or retail sector. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | DIRECTFERRIES id3731 | United Kingdom | Other | — | |
|
DIRECTFERRIES is a UK-based ferry travel platform that compares and books ferry crossings across Europe, Africa, and other global routes. Founded in 1999, it offers ferry tickets through a multi-platform service and also provides related travel products such as accommodation, train tickets, and vehicle breakdown cover. Companies House lists Direct Ferries Limited as an active company with a registered office in Ipswich, England. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | MHIRE id3730 | Other | — | ||
|
MHIRE is an Other-sector organization in the United States; publicly available details about its offerings are limited in the provided sources. The name is used here as a catalog entry for a company rather than a confirmed incident report. Hive was a ransomware-as-a-service operation active from 2021 to 2023 and associated with double-extortion tactics. MHIRE was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | CAN.COM id3729 | Netherlands | Other | — | |
|
CAN.COM is a Netherlands-based business listed in the “Other” sector, indicating it does not fall into a standard industry category in the index. Publicly available source material does not provide a reliable description of its offerings, so it should be treated conservatively as a corporate entity in the Netherlands. In threat-intelligence context, the entry identifies CAN.COM as a ransomware victim. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | AUM id3728 | Other | — | ||
|
AUM is a U.S.-based financial services firm in the asset-management sector, where AUM commonly means assets under management, the market value of investments overseen for clients. Firms in this sector manage capital on behalf of investors and institutions, often reporting AUM as a core measure of scale and activity. In New York, the business profile fits an investment-management organization serving clients through portfolio oversight and related financial services. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | KDE id3727 | United Kingdom | Other | — | |
|
KDE is an international free software community that develops free software and provides tools enabling digital control and privacy. Operating as a global hub, it offers desktop systems and resources for desktop and portable computing. The community is based internationally with significant presence in the GB region, supporting volunteers who create open-source solutions. KDE was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | YURTICIKARGO id3726 | Other | — | ||
|
YURTICIKARGO is a Turkish logistics and cargo company operating in the transport and delivery sector. It provides parcel and freight services across Turkey through a nationwide distribution and delivery network, serving businesses and individual customers. In threat-intelligence tracking, the company appears in the broader “other” sector classification because public sources focus on the victim listing rather than detailed corporate profiling. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Massy Distribution Limited id3725 | Jamaica | Other | — | |
|
Massy Distribution Limited is a Jamaican distributor and importer focused on pharmaceutical and consumer products, serving the local market from Jamaica. The company’s business centers on moving branded goods and everyday essentials through distribution channels, reflecting a broader role in the country’s commercial supply chain. In threat-intelligence records, Massy Distribution Limited was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | WWSTEELE id3724 | United States | Manufacturing / Engineering | — | |
|
WWSTEELE is a Manufacturing and Engineering company based in the United States, specializing in steel fabrication and industrial solutions. The firm operates production facilities with advanced capabilities and technologies to serve diverse market needs. Its offerings include steel work platforms, mezzanines, and custom metalworking services for industrial clients. WWSTEELE was listed as a ransomware victim associated with the hive threat actor. |
|||||
| Ransomware | NETWORK4CARS id3723 | Netherlands | Telecommunications | — | |
|
NETWORK4CARS Trading B.V. is based in Nieuw-Vennep, the Netherlands, and operates from Schillingweg 105 with headquarters in the Dutch market. Public company pages describe its business as a wholesale car dealer that sells new and young used cars and manages the process for customers. Its operations extend across Europe and into Asia, the Middle East, the Americas, and North Africa. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | AG id3720 | Other | — | ||
|
AG is a U.S.-based company classified in the Other sector. Public web results do not provide enough reliable detail to confirm its specific location or core offerings, so its business profile should be treated conservatively. In threat-intelligence cataloging, AG is referenced as an organization rather than a product or service brand. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Rocky id3708 | Other | — | ||
|
Rocky is an entity operating within the Other sector, with no specific location or defined offerings publicly documented beyond its sector classification. As part of the broader landscape of organizations facing cyber threats, Rocky's operational scope remains general due to the lack of detailed sector-specific data. The entity was listed as a ransomware victim associated with the threat actor hive, marking its inclusion in recent ransomware victim reports published by threat actors on public data leak sites. This listing reflects the growing trend of businesses falling victim to ransomware attacks, where recovery costs and downtime present significant financial and reputational harm. Rocky's case underscores the under-reported physiological and physical harms experienced by staff in victim organizations during such incidents. |
|||||
| Ransomware | SuperAlloy Industrial Co., Ltd. id3694 | United Kingdom | Manufacturing / Engineering | — | |
|
SuperAlloy Industrial Co., Ltd. is an international manufacturing and engineering company headquartered in Douliu, Taiwan, that specializes in engineering and producing lightweight metal forging solutions primarily for the automotive industry. The company offers forged aluminum wheels for luxury and sports automobiles alongside lightweight suspension components, operating facilities in Taiwan, the United States, the United Kingdom, Germany, and other global regions. While the entity is known for its high-end custom forging solutions for mobility and aerospace sectors, it was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | Diskriter id3693 | United States | Other | — | |
|
Diskriter is a US-based organization operating within the Other sector, with no specific public offerings detailed beyond its general sector classification. As an entity in the United States, it represents the broad range of targets affected by sophisticated cyber threats like ransomware. Diskriter was listed as a ransomware victim associated with the Hive threat actor, underscoring the group's extensive targeting of over 1,500 victims worldwide since 2021. This listing reflects the double-extortion tactics of Hive, which exfiltrates data before encrypting systems to demand ransom. The incident aligns with Hive's pattern of targeting diverse sectors, including healthcare, government, and critical infrastructure, without limiting impact to specific industries. |
|||||
| Ransomware | Alphapointe id3682 | United States | Other | — | |
|
Alphapointe is a US-based nonprofit organization headquartered in Kansas City, Missouri, that serves people who are blind or visually impaired. It provides vision rehabilitation, career training, employment services, education, and advocacy, and it has supported people with vision loss since 1911. The organization also operates from a second location in Richmond Hill, New York. Alphapointe was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Arte Radiotelevisivo Argentino (Artear) id3680 | Argentina | Other | — | |
|
Arte Radiotelevisivo Argentino (Artear) is an Argentine media company based in Buenos Aires that creates and distributes television content across its platforms. Its corporate site says it produces quality content for multiple audiences, and company profiles identify it as a radio and television operator. Artear was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Goodman Campbell Brain & Spine id3610 | United States | Other | — | |
|
Goodman Campbell Brain & Spine is a US health care provider based in Indiana, with locations in Carmel, Greenwood, Indianapolis and other communities. It offers neurosurgical, spine and neurological care, including adult neurosurgery outpatient clinics, pain management and related specialty services. The organization describes itself as a leader in brain and spine care and a center for neurosurgery training and clinical research. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | G&P Projects And Systems S.A. id3565 | Brazil | Communication / Marketing | — | |
|
G&P Projects And Systems S.A. is a Brazilian enterprise operating for nearly three decades in the information technology sector, with locations in São Paulo and Rio de Janeiro. The company specializes in delivering end-to-end solutions for developers, contractors, and project teams seeking reliable sourcing and streamlined procurement support. It operates within the communication and marketing industry, providing technology-driven services to clients across Brazil. G&P Projects And Systems S.A. was listed as a ransomware victim associated with the hive threat actor. |
|||||
| Ransomware | Caracol TV id3564 | Colombia | Other | — | |
|
Caracol Televisión is a Colombian media and entertainment company and one of the country’s two private national TV networks. Based in Bogotá, it broadcasts popular programming across entertainment, series, realities, telenovelas, documentaries, and live television. The channel is widely known for its national reach and Spanish-language content distribution. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Travira Air id3550 | Indonesia | Other | — | |
|
Travira Air is an Indonesian air charter service operator headquartered in Jakarta. Public company profiles also describe it as providing maintenance services in the aviation sector and serving specialized commercial clients from its Jakarta base. The company is associated with charter operations rather than scheduled passenger airline service. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | XEIAD id3549 | United Kingdom | Other | — | |
|
XEIAD appears to be a United Kingdom-based organization in the broad “Other” sector, indicating a business or entity outside standard industry classifications. Publicly available details about its specific offerings are limited, so a neutral profile should avoid assuming products or services beyond its identified sector and country. Hive is a ransomware operation known for double extortion, which has targeted organizations across multiple sectors. XEIAD was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | SOUCY id3540 | Canada | Other | — | |
|
SOUCY is a Canadian industrial group based in Drummondville, Québec, that designs and manufactures track systems and high-performance components and accessories for off-road vehicles. Its broader operations also include parts and castings for sectors such as power sports, agriculture, defense, and industrial applications. Public company listings describe Soucy as an integrated manufacturing and distribution group with multiple Québec locations. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Guardian Fueling Technologies id3539 | United States | IT | — | |
|
Guardian Fueling Technologies is a privately held US company based in Jacksonville, Florida, serving fuel system owners and operators across the Southeast. It provides petroleum equipment distribution, fueling system construction, installation, maintenance, and related service support. Public company materials describe it as a provider of world-class fueling solutions and technology with multiple branch locations across several states. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | ChemStation International id3538 | United States | Services | — | |
|
ChemStation International, Inc. is a US-based company headquartered in Dayton, Ohio that produces industrial cleaning and process chemicals. The company's products serve diverse industries including concrete form release, flexographic printing, floor cleaning, food and beverage, forest products, odor control, parts cleaning, and transportation. ChemStation offers custom-formulated, environmentally friendly cleaning solutions delivered via a unique refillable container system. The company was listed as a ransomware victim associated with the hive threat actor. |
|||||
| Ransomware | GUARDFUEL id3537 | Energy | — | ||
|
GUARDFUEL is a US-based Energy sector company that designs, constructs, services, and distributes equipment for petroleum storage, pumping, and dispensing systems, as well as EV chargers and associated products. The company provides factory-authorized service, sales, and installation of major equipment lines for retail and commercial-industrial fuel system applications across Florida, North Carolina, and Georgia. GUARDFUEL was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | NUAIRE id3536 | United Kingdom | Other | — | |
|
NUAIRE LIMITED is a British company registered in Leeds, England, specializing in the manufacture of non-domestic cooling and ventilation equipment. Founded in 1966 and headquartered in Bridgend, Wales, the firm produces fans for both commercial and residential applications. For over 50 years, Nuaire has provided clean air solutions through ventilation systems for residential, commercial, and industrial buildings. The company was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | IGHQ id3535 | Other | — | ||
|
IGHQ is a U.S.-based real estate company headquartered in San Diego, California, with a Boston presence and a portfolio focused on life-science and innovation districts. Its website says it develops properties in major U.S. research hubs and in the United Kingdom, serving tenants in science and technology-driven markets. Public business directories also classify IGHQ as a real estate firm. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Yachiyo Of America id3533 | Japan | Other | — | |
|
Yachiyo Of America is a Tier 1 automotive supplier specializing in plastic fuel tanks and sunroofs, operating its North American headquarters and R&D center in Columbus, Ohio. The company, founded in 1997 as a consolidated subsidiary of Motherson Yachiyo Automotive Systems, is committed to innovation and quality in manufacturing automotive components. It serves the global automotive industry with products including fuel tanks, sunroofs, and rollshades, maintaining production facilities in Marion, Ohio. Yachiyo Of America was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | RateGain id3517 | India | Other | — | |
|
RateGain Travel Technologies Limited is an India-based software-as-a-service company focused on the travel and hospitality industry, with its primary office in Noida, Uttar Pradesh. It offers AI-powered products for rate intelligence, revenue optimization, channel distribution, and guest engagement across hotels and other travel providers. The company is also described as serving more than 13,000 customers globally. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | SPORTPLAZA id3487 | Other | — | ||
|
SPORTPLAZA is a Netherlands-based business entity; public company records identify Sportplaza Moerdijk B.V. as a holding company founded in 2005. The name also appears in commercial directories for a sports and fitness business, but the available records do not clearly establish a more detailed operating profile. In threat-intelligence indexes, SPORTPLAZA is listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | EIITNET id3482 | United States | Other | — | |
|
EIITNET appears to be a U.S. organization classified in the Other sector, but the available source set does not identify its public offerings or operational profile. In this index context, the name is used to label an affected entity rather than to describe a confirmed compromise. Hive is a ransomware-as-a-service operation known for double-extortion tactics and widespread victimization. EIITNET was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | CARTEGRAPH id3481 | United States | Other | — | |
|
CARTEGRAPH is a US-based software company in the Other sector, headquartered in Dubuque, Iowa. It builds software for local governments and similar organizations to manage physical assets, work orders, infrastructure, and facility planning. Its products are used to support stewardship of buildings and critical infrastructure, helping teams map, track, and maintain assets more efficiently. CARTEGRAPH was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Tri-Ko id3477 | United States | Other | — | |
|
Tri-Ko is a United States company in the Other sector, and public business information for the name is limited in the available sources. Its exact offerings are not clearly identified in the search results, so this entry describes it conservatively as a US-based business outside a more specific industry classification. The threat-intelligence listing associates Tri-Ko with Hive, a ransomware group active since 2021. Tri-Ko was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Faw-Volkswagen Automobile Co., Ltd. id3367 | China | Telecommunications | — | |
|
FAW-Volkswagen Automobile Co., Ltd. is a large passenger automobile manufacturer based in Changchun, Jilin, China. It is a joint venture of FAW Group and Volkswagen Group and produces Audi and Volkswagen-branded passenger cars for the Chinese market. The company operates multiple assembly plants in China and is part of Volkswagen Group China’s local manufacturing network. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Monterey Mechanical Co. id3321 | United States | Other | — | |
|
Monterey Mechanical Co. is a California-based industrial contractor and metal fabricator headquartered in Oakland, with operations centered in the San Francisco Bay Area. The company describes its work in complex water and wastewater projects, industrial facilities, metals fabrication and installation, HVAC, and odor control. Industry directories also list contractor specialties that include general engineering and related industrial services. The company was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | Attica Group id3297 | Greece | Services | — | |
|
Attica Group is a Greece-based holding company active in passenger shipping, travel agency, and cargo services. With a 30-year presence on Greek and international seas, it leads the coastal passenger shipping sector and operates among the largest ferry fleets in the region. The group offers shipping, transportation, and leisure connections between Greece and Italy in the Adriatic Sea, as well as routes to the Cycladic, Dodecanese islands, and Crete. It merged with ANEK Lines in December 2023, significantly expanding its fleet and operational capacity in the Greek ferry sector. Attica Group was listed as a ransomware victim associated with the threat actor hive. |
|||||
| Ransomware | SSK Ingeniería Y Construcción S.A.C. id3277 | Peru | Other | — | |
|
SSK Ingeniería y Construcción S.A.C. is a private construction company based in Lima, Peru, with its headquarters in San Isidro. Public business profiles describe it as operating in building construction, and one company profile notes work in residential building construction. Company descriptions also reference projects and services in construction and assembly for industrial sectors such as mining, metallurgy, and energy. It was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | MILLS GROUP id3195 | Services | — | ||
|
MILLS GROUP is a business consulting and services company headquartered in Austin, Texas, United States, operating with a small team of 2 to 10 employees. The firm provides IT services and IT consulting, helping clients navigate diverse regulatory, cultural, and economic environments. As a specialized provider in the Services sector, it supports organizations with tailored business solutions. The company was listed as a ransomware victim associated with the Hive threat actor, reflecting an incident that targeted its operational infrastructure. |
|||||
| Ransomware | FCCH id3106 | Other | — | ||
|
FCCH refers to First Choice Community Healthcare, a nonprofit community health provider based in Albuquerque, New Mexico. It operates multiple locations across the Greater Albuquerque area and serves patients through primary care and related outpatient health services. The organization describes itself as a 501(c)(3) community health center and recognized patient-centered medical home. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | PHC id3010 | Other | — | ||
|
PHC Holdings Corporation is a Japan-based healthcare technology company headquartered in Tokyo, with operations in biomedical, diabetes, and health-informatics businesses. Its group includes PHC Corporation and other subsidiaries serving clinical, laboratory, and digital health markets. PHC operates from Tokyo and maintains North American offices in Wood Dale, Illinois. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | Konradin Mediengruppe GmbH id2970 | Other | — | ||
|
Konradin Mediengruppe GmbH is a German media and publishing group based in Leinfelden-Echterdingen, Baden-Württemberg. The company says it is one of the largest providers of specialist information in the German-speaking market and publishes magazines, books, and related media services. It operates from Ernst-Mey-Straße 8 and serves business and professional audiences across multiple editorial and service brands. The company was listed as a ransomware victim associated with hive. |
|||||
| Ransomware | Pollmann id2966 View details | Austria | Other | — | |
|
Pollmann is an Austrian family-owned company based in Karlstein/Thaya, Lower Austria, with additional international locations. It focuses on the automotive industry and develops and produces mechatronic components and related industrial solutions for vehicle manufacturing. Company information describes long-standing operations in Austria and a global footprint across several sites. It was listed as a ransomware victim associated with Hive. |
|||||
| Ransomware | Passero Associates id2962 View details | United States | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | KONECTA SERVICIOS ADMINISTRATIVOS Y TECNOLOGICOS S.L. SUCURSAL ARGENTINA id2956 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Banco Caribe id2948 View details | Dominican Republic | Finance / Legal / Insurance | — | |
|
No additional victim description available. |
|||||
| Ransomware | Asphalion id2947 View details | Spain | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | Instituto De Gestão Estratégica De Saúde Do Distrito Federal id2941 View details | Public Sector | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Wibag Bau Ag id2940 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Otto Dörner GmbH & Co. KG id2927 View details | Germany | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | GomeA id2926 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Ministry For Foreign Affairs Of The Republic Of Indonesia id2925 View details | Indonesia | Public Sector | — | |
|
No additional victim description available. |
|||||
| Ransomware | UCSI University id2924 View details | Education | — | ||
|
No additional victim description available. |
|||||
| Ransomware | School District Of Janesville id2923 View details | Education | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Rotoplas id2922 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Centurion Stone id2921 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Dayton T. Brown, Inc id2920 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Centerline Communication Llc id2919 View details | United States | Communication / Marketing | — | |
|
No additional victim description available. |
|||||
| Ransomware | Polynt Group id2915 View details | Italy | Services | — | |
|
No additional victim description available. |
|||||
| Ransomware | NSM Insurance Group id2884 View details | United States | Finance / Legal / Insurance | — | |
|
No additional victim description available. |
|||||
| Ransomware | PAN AMERICAN ENERGY S.L. SUCURSAL ARGENTINA id2773 View details | Energy | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Steven L. Sugarman & Associates id2723 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Palacios & Asociados id2722 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Sit'N Sleep id2721 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | MAS & Coronis Health id2720 View details | Healthcare / Pharma | — | ||
|
No additional victim description available. |
|||||
| Ransomware | BERMAN SOBIN GROSS & DARBY id2719 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Rocky's Ace Hardware id2718 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Guts Superpols Co., Ltd. id2717 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Ningbo Dechang Electric Machinery Manufacturing Co., Ltd. id2716 View details | Manufacturing / Engineering | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Tite - Live Belgique id2715 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Shanghai Huizhong Automotive Manufacturing Co., Ltd. id2714 View details | Manufacturing / Engineering | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Supernus Pharmaceuticals, NASDAQ: SUPN id2713 View details | Healthcare / Pharma | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Drake & Scull International PJSC id2712 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Institute For Systems And Robotics (Isr-Lisboa id2711 View details | Education | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Centre D'Odontologia Integrada Miret-Puig id2710 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Hyundai Samho Heavy Industries Co.,Ltd. (South Korea) id2709 View details | Korea, Republic of | Services | — | |
|
No additional victim description available. |
|||||
| Ransomware | Rodonaves Transportes E Encomendas Ltda id2708 View details | Brazil | Transportation / Travel / Logistics | — | |
|
No additional victim description available. |
|||||
| Ransomware | Eurocoin Interactive B.V. id2707 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Emil Frey id2706 View details | Switzerland | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | Friedrich id2705 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Powerhouse1 id2704 View details | United States | Energy | — | |
|
No additional victim description available. |
|||||
| Ransomware | Doner id2703 View details | United States | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | EBM id2702 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | ITS InfoCom id2701 View details | Costa Rica | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | Vermeer Southeast id2510 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Unita Locale Socio id2509 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | The British Columbia Institute Of Technology id2508 View details | IT | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Sutterfield Financial Group id2507 View details | Finance / Legal / Insurance | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Schuldnerberatung Ostfriesland e. V. id2506 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Sardinha Family Trust id2505 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Sadbhav Engineering Limited id2504 View details | Manufacturing / Engineering | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Ryan Companies id2503 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Résidence Les Châtaigniers id2502 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Powell Transportation id2501 View details | Transportation / Travel / Logistics | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Northern Financial Services id2500 View details | Finance / Legal / Insurance | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Montour School District id2499 View details | Education | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Mele Printing id2498 View details | Communication / Marketing | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Marten Transport id2497 View details | Transportation / Travel / Logistics | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Macquarie Health Corporation id2496 View details | Healthcare / Pharma | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Johnson Memorial Health id2495 View details | Healthcare / Pharma | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Haselden Construction id2494 View details | Construction / Real Estate | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Greenway Health id2493 View details | Healthcare / Pharma | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Florida Sugar Cane League id2492 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Family Christian Health Center id2491 View details | Healthcare / Pharma | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Erik Buell Racing id2490 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Creative Liquid Coatings INC id2489 View details | United States | Communication / Marketing | — | |
|
No additional victim description available. |
|||||
| Ransomware | ConForm Automotive id2488 View details | Manufacturing / Engineering | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Claro Colombia id2487 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Brinkman Turkey Farms id2486 View details | Agriculture / Food | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Brakke Asbestsanering BV id2485 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Bohlke International Airways id2484 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Advanced Geosciences id2483 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | ANTHONY CATALFANO INTERIORS id2482 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | UNICRED id2471 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | RIVADIS id2470 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Ezz Steel id2416 View details | Manufacturing / Engineering | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Metro.Us id2304 View details | United States | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | WOLSEY id2248 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Madix Inc id2247 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Altus Group id2221 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Mega Vision id2220 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | HI FLY id2219 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | IBC24 News id2218 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | SS Design id2217 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | GURTEEN id2216 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Net Ninjas id2215 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | W.H. Stovall id2214 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Ospray Video id2213 View details | Communication / Marketing | — | ||
|
No additional victim description available. |
|||||
| Ransomware | GK.NO id2212 View details | Norway | Other | — | |
|
No additional victim description available. |
|||||
| Ransomware | KBM UK id2211 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | EMCO id2210 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Aria Systems id2209 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | WAMGROUP id2208 View details | Services | — | ||
|
No additional victim description available. |
|||||
| Ransomware | XacBank id2207 View details | Finance / Legal / Insurance | — | ||
|
No additional victim description available. |
|||||
| Ransomware | APR Supply id2206 View details | Communication / Marketing | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Grupo5 id2205 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | MediaMarkt id2204 View details | Communication / Marketing | — | ||
|
No additional victim description available. |
|||||
| Ransomware | GryphTech id2203 View details | IT | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Raveco id2202 View details | Other | — | ||
|
No additional victim description available. |
|||||
| Ransomware | Missouri Delta Medical Center id678 View details | United States | Healthcare / Pharma | — | |
|
No additional victim description available. |
|||||
| Ransomware | Memorial Health System id673 View details | United States | Healthcare / Pharma | — | |
|
No additional victim description available. |
|||||