Ransomware Group intelligence
Onyx
Inactive
Track Onyx with 28 published victims and 1 known leak location in a single intelligence view.
Overview
Onyx is tracked by Breach House as a ransomware group with 28 published victims.
Brazil is currently the most targeted country in this dataset.
1 known leak location is currently associated with this group.
Known Leak Locations (1)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Onion service | Unknown | mrdxtxy6vqeqbmb4rvbvueh2kukb3e3mhu3wdothqn7242gztxyzycid.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
No ransom notes available for this group.
Tools Used
No tool information available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (0)
No IoCs available for this group.
Negotiation Chats (0)
No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (28)
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | www.artisticstairs.com (id4639) | | | Other | — |
Artistic Stairs and Railings is an Edmonton, Alberta-based construction company that manufactures and installs custom staircases, railings, and specialty mouldings. Its website describes the firm as a staircase and railing manufacturer and installer serving residential, renovation, and commercial building projects. The company presents itself as Alberta's custom stair leader with a focus on bespoke craftsmanship and production. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.wayan.com.mx (id4638) | | Mexico | Other | — |
Wayan Natural Wear is a Mexico-based retail brand that presents itself as a fashion and lifestyle store with an online shop at wayan.com.mx. Its public channels describe a warm, ethnic, natural concept centered on women’s apparel, accessories, and resort-style pieces. Available listings also place the business in Quintana Roo, Mexico, reflecting a presence in the country’s tourism and retail market. The entity was listed as a ransomware victim associated with onyx.
| Ransomware | www.candcfarmsupply.com (id4637) | | | Agriculture / Food | — |
C&C Farm Supply operates in the Agriculture / Food sector and serves dairy farmers from Harrisonburg, Virginia. Public business listings and the company’s former website identify it as a local farm supply business with the same location and phone number now used by Everstead Farm Supply. It has been described as serving dairy farms across the Shenandoah Valley and nearby areas. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.ackermanplumbinginc.com (id4636) | | | Services | — |
Ackerman Plumbing Inc is a trusted commercial plumbing services provider located in Sarasota, Florida, specializing in new builds, renovations, and emergency repairs. The company offers a wide range of services including routine maintenance, complex commercial projects, and medical gas systems. As a licensed and union-affiliated firm, it serves Johnson County and surrounding areas with professional plumbing solutions. Ackerman Plumbing Inc was listed as a ransomware victim associated with the Onyx threat actor.
| Ransomware | www.semaphorehq.com (id4635) | | | Other | — |
Semaphore HQ is a family of companies based in Irvine, California, with a website at semaphorehq.com. Its public materials describe offerings that include accounting, tax preparation, payroll, insurance, business management, and brand or licensing services, with support for small and medium businesses and creators. The company presents itself as a concierge-style service provider for clients seeking financial and business support. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.baltholding.eu (id4634) | | | Other | — |
www.baltholding.eu appears to be a Dutch business operating in the broader logistics and warehousing space, which is commonly centered on storage, handling, and distribution services in Europe. Publicly available trade and company-index data associate the name Baltholding with import-export activity, but detailed corporate information on offerings is limited in the sources provided. The entity is classified in the Other sector for this listing, reflecting an unspecified business profile rather than a clearly defined industry vertical. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.pacmaritime.com (id4633) | | | Other | — |
Pacific Maritime Industries Corp., associated with www.pacmaritime.com, is a San Diego, California–based manufacturer serving maritime and industrial customers. Public business listings describe the company as producing and installing shipboard interiors, modular furniture, and related wood and interior products for vessels and naval use. Its footprint is centered in Southern California, with an address listed in San Diego and another directory entry in Chula Vista, California. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.waynefamilypractice.com (id4632) | | | Communication / Marketing | — |
Wayne Family Practice is a family medicine practice in Jesup, Georgia, in the United States, with a published address at 330 Peachtree Street and a local contact number. Its public listing identifies it as a family medicine practice serving patients through primary care services. The practice also uses a patient portal email address, indicating online patient communication and account access. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.advantagedirectcare.com (id4631) | | | Other | — |
www.advantagedirectcare.com appears to represent Advantage Direct Care, a healthcare practice in the United States that offers direct primary care services. Direct care practices typically provide members with primary care access outside the traditional insurance-driven model, emphasizing routine visits and ongoing patient relationships. The site name and service model place it in the broader Other sector rather than a specialized industry category. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.cucafresca.com.br (id4630) | | Brazil | Other | — |
www.cucafresca.com.br is the website of Cuca Fresca Informática, a Brazilian software company that provides integrated systems for accounting, tax, payroll, and timekeeping. Its platform serves accounting firms and businesses across Brazil, with products and support channels for commercial and technical customers. The company also offers solutions for ponto eletrônico, jornadas, and conformidade trabalhista. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.arisaseguros.com (id4629) | | | Other | — |
ARISA, Corredores de Seguros, S.A. operates as an insurance brokerage and risk-advisory firm in Guatemala, serving corporate and personal clients across Central America. Its website describes offerings in medical, life, business, property, auto, and bond insurance, with headquarters in Guatemala City. The company says it has provided insurance advisory services since 1976 and maintains regional coverage in multiple Central American countries. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.jaspercountysheriffoffice.com (id4628) | | | Public Sector | — |
www.jaspercountysheriffoffice.com is the official website of the Jasper County Sheriff’s Office in Jasper, Texas, a public sector law-enforcement agency serving the county from 101 Burch Street in Jasper. The office provides local sheriff services and public information, including records, personnel contacts, commissary deposit details, inmate phone deposit information, and other helpful links. As a county sheriff’s office, it supports law-enforcement administration, records handling, and related public services for residents and visitors in Jasper County. It was listed as a ransomware victim associated with onyx.
| Ransomware | www.minex.gob.gt (id4627) | | | Other | — |
www.minex.gob.gt is the official website of Guatemala’s Ministry of Foreign Affairs, a government body based in Guatemala City that manages embassies, consulates, appointments, and consular services. It also provides online services such as apostille and legalisation requests for Guatemalan and overseas users. In threat-intelligence catalogs, it appears under the broader other sector. The site was listed as a ransomware victim associated with onyx.
| Ransomware | www.projectredirectdc.org (id4626) | | | Communication / Marketing | — |
Project ReDirect, Inc. (Project ReDirect DC) is a nonprofit organization based in Washington, D.C., with operations also listed in Las Vegas, Nevada and New York. Its website says it provides person-centered, transformative programs and services that support individuals facing life challenges and enhance quality of life in their communities. The organization’s public materials describe a communications and marketing-focused mission around outreach, newsletters, and program information. It was listed as a ransomware victim associated with onyx.
| Ransomware | Ministerio de Relaciones Exteriores (id4249) | | | Other | — |
The Ministry of Foreign Affairs, International Trade and Worship of the Argentine Republic, known as the Cancillería, is the executive-branch body responsible for the country's foreign relations. It is headquartered in Buenos Aires and represents the Nation before foreign governments and international organizations, and also coordinates diplomatic affairs, international cooperation, and economic and cultural ties. In terms of sector, it is classified as Other because it is a public entity. It was listed as a ransomware victim associated with onyx.
| Ransomware | Borough of Union Beach (id3908) | | | Other | — |
Borough of Union Beach is a municipal government in Monmouth County, New Jersey, serving residents from its office at 650 Poole Avenue in Union Beach. The borough provides local public administration and community services for the coastal town on Raritan Bay, between Keyport and Keansburg. Its official website identifies it as the Borough of Union Beach, New Jersey. It was listed as a ransomware victim associated with onyx.
| Ransomware | ARISA CORREDORES DE SEGUROS (id3891) | | | Other | — |
ARISA Corredores de Seguros, S.A. is a Guatemalan company based in Guatemala City that operates in the insurance brokerage and agency sector. It provides corporate insurance advisory and related coverage services, including life, auto, medical expenses, and surety bonds. Public company profiles and its own website describe it as a long-established broker serving clients in Guatemala and Central America. It was listed as a ransomware victim associated with onyx.
| Ransomware | CUCA FRESCA (id3870) | | | Other | — |
CUCA FRESCA is a Brazil-based business in the Other sector, and its public profile does not clearly indicate a specific product category or service line from the available record. In catalog and threat-intelligence contexts, such entries are used to identify organizations by name, sector, and country when detailed operating information is limited. The listing does not itself confirm an incident beyond its inclusion in ransomware victim tracking. CUCA FRESCA was listed as a ransomware victim associated with onyx.
| Ransomware | WAYAN NATURAL WEAR (id3869) | | | Other | — |
WAYAN NATURAL WEAR is a Mexican retail brand that operates boutiques in Quintana Roo, including Playa del Carmen and Cancún. It sells fashion and lifestyle goods in a natural, eco-chic style, with store listings placing it on Fifth Avenue in Playa del Carmen and in the Cancún hotel zone. Company descriptions and social profiles present it as a fashion and accessories retailer focused on a warm, contemporary shopping experience. It was listed as a ransomware victim associated with onyx.
| Ransomware | Artistic Stairs & Railings (id3868) | | | Other | — |
Artistic Stairs & Railings is a construction company headquartered in Calgary, Alberta, Canada, specializing in the manufacture and installation of award-winning circular stairs, straight stairs, and stair railings for homebuilders and homeowners across the province. The firm provides custom design, consultation, and installation services for production, remodel, and commercial building projects, delivering consistent results with clear timelines. The company was listed as a ransomware victim associated with the threat actor onyx.
| Ransomware | Baltholding OÜ (id3866) | | | Other | — |
Baltholding OÜ is an Estonian company based in Tallinn, with its registered office in the Põhja-Tallinn district on Kopli tn 63a-4. Public business records identify it in the other sector, and directory listings describe trading activity in food and dairy products. The company operates from Estonia and uses the contact details published in the national business register. It was listed as a ransomware victim associated with onyx.
| Ransomware | Jasper County Sheriff's Office (id3322) | | | Public Sector | — |
Jasper County Sheriff's Office is a public-sector law enforcement agency serving Jasper County, South Carolina, from Ridgeland. It provides patrol, criminal investigations, records access, emergency response, dispatch, and other sheriff’s office services for county residents. The office also handles incident reporting, warrants, and community-facing public safety support. In this ransomware victim listing, it was associated with onyx.
| Ransomware | Pacific Maritime Industries Corp. (id3310) | | | Services | — |
Pacific Maritime Industries Corp. is a Services-sector company based in San Diego, California, that supplies maritime-related products and support for the U.S. Navy, ship repair yards, and commercial maritime operations. Public profiles describe it as a federal contractor and supplier of shipboard furnishings and related goods, reflecting a business focused on maritime logistics and outfitting. In threat-intelligence catalogs, it was listed as a ransomware victim associated with onyx.
| Ransomware | WAYNE FAMILY PRACTICE, ASSOC., P.C. (id3309) | | | Communication / Marketing | — |
WAYNE FAMILY PRACTICE, ASSOC., P.C. is a medical group practice in Jesup, Georgia, with locations on Peachtree Street and Colonial Way. It provides family medicine and nursing services, including primary care and telehealth, for local patients. The practice operates as a healthcare provider serving the Jesup area. It was listed as a ransomware victim associated with onyx.
| Ransomware | Advantage Direct Care (id3308) | | | Other | — |
Advantage Direct Care is a provider associated with the direct care field, a healthcare-adjacent service sector that supports individuals needing personal assistance and related care. Public listings suggest a U.S.-based organization, but available sources do not clearly document a detailed public company profile, services list, or headquarters location. In threat-intelligence cataloging, it is referenced as a ransomware victim entry. The listing identifies Advantage Direct Care as a ransomware victim associated with onyx.
| Ransomware | C&C FARMERS’ SUPPLY CORP (id3307) | | | Agriculture / Food | — |
C&C FARMERS’ SUPPLY CORP is a Virginia farm-supply business serving agricultural and dairy customers with equipment, feed, and related supplies. Everstead Farm Supply states that C&C Farm Supply was its former name and that the business has supported Virginia dairy farmers since 1979. The company operates in the Agriculture / Food sector and is associated with U.S. farm retail operations. It was listed as a ransomware victim associated with onyx.
| Ransomware | Semaphore Solutions Inc (id3306) | | | Services | — |
Semaphore Solutions Inc is a Canada-based services company focused on laboratory informatics and custom software for R&D, molecular biology, and other lab workflows. It operates from Victoria, British Columbia, and serves clients across North America and Europe. Its offerings include lab information management, workflow optimization, and software modernization for scientific and environmental monitoring use cases. It was listed as a ransomware victim associated with onyx.
| Ransomware | Ackerman Plumbing Inc (id3305) | | | Services | — |
Ackerman Plumbing Inc is a services-sector plumbing contractor based in Sarasota, Florida, serving commercial clients across Florida and providing full-service plumbing work. Its public site describes it as a commercial plumbing contractor headquartered in Sarasota and serving the Tampa-to-Naples corridor. The company operates under the Ackerman Plumbing name and promotes plumbing installation, repair, and maintenance services. It was listed as a ransomware victim associated with onyx.