Ransomware Group intelligence
Stormous
ActiveTrack Stormous with 262 published victims and 7 known leak locations in a single intelligence view.
Overview
Stormous is tracked by Breach House as a ransomware group with 262 published victims.
United States is currently the most targeted country in this dataset.
7 known leak locations are currently associated with this group.
Top Countries
Interactive distribution based on the currently visible victims list.
Known Leak Locations (7)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Onion service | Unknown | 3slz4povugieoi3tw7sblxoowxhbzxeju427cffsst5fo2tizepwatid.onion |
| Leak location 2 | Onion service | Unknown | h3reihqb2y7woqdary2g3bmk3apgtxuyhx4j2ftovbhe3l5svev7bdyd.onion |
| Leak location 3 | Onion service | Unknown | pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion |
| Leak location 4 | Onion service | Unknown | stmxylixiz4atpmkspvhkym4xccjvpcv3v67uh3dze7xwwhtnz4faxid.onion |
| Leak location 5 | Onion service | Unknown | pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion |
| Leak location 6 | Onion service | Unknown | 6sf5xa7eso3e3vk46i5tpcqhnlayczztj7zjktzaztlotyy75zs6j7qd.onion |
| Leak location 7 | Onion service | Unknown | zib7duoiglvzvnpjs5faly6bio4xhwiby2lupsnxrkjnx46gmwdfyrid.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
▼No ransom notes available for this group.
Tools Used
▼No tools used available.
YARA Rules (0)
▼No YARA rules available.
Indicators of Compromise (0)
▼No IoCs available for this group.
Negotiation Chats (0)
▼No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (262)
Search, filter and paginate the victim timeline for Stormous. Showing 1–100 of 262.
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | BN: higuchi-inc Report Error & Warning id30163 View details | Japan | Manufacturing / Engineering | — | |
|
Higuchi-inc is a Japanese company operating in the manufacturing and engineering sector. The company is based in Japan and provides various offerings related to its sector. Higuchi-inc Report Error & Warning was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | BN: higuchi-inc Report Error & Warning id30163 View details | Japan | Manufacturing / Engineering | — | |
|
www.higuchi-inc.co.jp/newsrelease/company/doc/unauthorized_access_incident.pdf // We have reviewed the report issued by HIGUCHI INC. To correct their mistake: the breach did not affect just one branch, but rather 3 different branches across various regions.Your data has not been leaked yet, as you are currently within an 8-day grace period. Before we publish any of your commercial or personal data, be aware that we possess 102 GB of Sage software backups, alongside numerous commercial documents.We await your reply to our messages. Follow the correct path to ensure nothing is leaked. We are waiting for you. |
|||||
| Ransomware | maglificioliliana.com UPDATE-FULL DATA DUMP FREE PART1 id30070 View details | Retail / E-commerce | — | ||
|
Maglificioliliana.com operates in the retail and e-commerce sector, offering various products and services to its customers. The entity's name suggests it may be based in Italy, given the Italian suffix in its domain name. Maglificioliliana.com UPDATE-FULL DATA DUMP FREE PART1 is associated with a data dump. It was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | maglificioliliana.com UPDATE-FULL DATA DUMP FREE PART1 id30070 View details | Retail / E-commerce | — | ||
|
Over +10GB GB of data has been accessed and exfiltrated. This includes product designs, historical fashion lines, and technical specifications for garments. Furthermore, we have obtained customer databases from various parts of the world, financial records, commercial contracts, employee data, personal files for all staff members within the network, daily operational documents, and more. |
|||||
| Ransomware | lorenzoni-store.com UPDATE-FULL DATA DUMP FREE PART1 id30071 View details | Retail / E-commerce | — | ||
|
Lorenzoni-store.com operates in the retail and e-commerce sector, offering various products and services to its customers. The entity's name suggests it may be based in Italy, given the Italian surname Lorenzoni, but its exact location is not confirmed. Lorenzoni-store.com UPDATE-FULL DATA DUMP FREE PART1 is associated with a data dump. It was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | lorenzoni-store.com UPDATE-FULL DATA DUMP FREE PART1 id30071 View details | Retail / E-commerce | — | ||
|
Complete data belonging to customers and buyers has been accessed, along with designs, orders, and other assets. This includes all domains associated with the parent company: maglificioliliana.com/ |
|||||
| Ransomware | montechiaro-store.com UPDATE-FULL DATA DUMP FREE PART1 id30072 View details | Retail / E-commerce | — | ||
|
Montechiaro-store.com operates in the retail and e-commerce sector, offering various products to customers. The entity's name suggests it may be an online store. Montechiaro-store.com UPDATE-FULL DATA DUMP FREE PART1 is associated with a data dump. It was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | montechiaro-store.com UPDATE-FULL DATA DUMP FREE PART1 id30072 View details | Retail / E-commerce | — | ||
|
Complete data belonging to customers and buyers has been accessed, along with designs, orders, and other assets. This includes all domains associated with the parent company: maglificioliliana.com/ |
|||||
| Ransomware | impulso-store.com UPDATE-FULL DATA DUMP FREE PART1 id30073 View details | Retail / E-commerce | — | ||
|
Impulso-store.com operates in the retail and e-commerce sector, offering various products and services to its customers. The entity's name suggests a focus on impulse purchases, catering to a wide range of consumers. Impulso-store.com UPDATE-FULL DATA DUMP FREE PART1 is associated with the retail and e-commerce industry. It was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | impulso-store.com UPDATE-FULL DATA DUMP FREE PART1 id30073 View details | Retail / E-commerce | — | ||
|
Complete data belonging to customers and buyers has been accessed, along with designs, orders, and other assets. This includes all domains associated with the parent company: maglificioliliana.com/ |
|||||
| Ransomware | higuchi-inc.co.jp id30074 View details | Japan | Manufacturing / Engineering | — | |
|
Higuchi-inc.co.jp is a Japanese company operating in the manufacturing and engineering sector. The company is based in Japan and likely provides various products and services related to its sector. Higuchi-inc.co.jp was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | higuchi-inc.co.jp id30074 View details | Japan | Manufacturing / Engineering | — | |
|
(Dallas - HongKong - LosAngeles ) Comprehensive financial statements including Balance Sheets, Asset records, Liabilities, Capital, Accounts Receivable (A/R), and Accounts Payable (A/P) database backups from Sage 50 (formerly Peachtree Accounting software), indicated by the .ptb file extension Corporate data detailing domestic and international inventory tracking, trade checking, and business operations. |
|||||
| Ransomware | HIGUCHI USA, INC id30075 View details | United States | Manufacturing / Engineering | — | |
|
HIGUCHI USA, INC is a US-based company operating in the manufacturing and engineering sector. The company is involved in various activities related to its sector, providing products and services to its customers. HIGUCHI USA, INC was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | HIGUCHI USA, INC id30075 View details | United States | Manufacturing / Engineering | — | |
|
(Dallas - HongKong - LosAngeles ) Comprehensive financial statements including Balance Sheets, Asset records, Liabilities, Capital, Accounts Receivable (A/R), and Accounts Payable (A/P) database backups from Sage 50 (formerly Peachtree Accounting software), indicated by the .ptb file extension Corporate data detailing domestic and international inventory tracking, trade checking, and business operations. |
|||||
| Ransomware | eogb.co.uk id30076 View details | United Kingdom | Energy | — | |
|
eogb.co.uk is a company operating in the energy sector in the United Kingdom. The company provides various services related to the energy industry. eogb.co.uk was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | eogb.co.uk id30076 View details | United Kingdom | Energy | — | |
|
Deep access to Microsoft Dynamics GP containing complete corporate accounting, invoices, vendor details, and commercial transactions.Access to internal legal documents, partnership agreements, and customer contracts (such as CBIF OSMO agreements).Exfiltration of operational spreadsheets, financial reports, and executive documents via corporate |
|||||
| Ransomware | eshacloudqa.com id30077 View details | United States | IT | — | |
|
Eshacloudqa.com is an IT company based in the United States, providing various IT services. The company operates in the IT sector, offering its services to clients in the US. Eshacloudqa.com was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | eshacloudqa.com id30077 View details | United States | IT | — | |
|
We have breached ESHA Research / ESHA Cloud Services and compromised their core product development databases. The exfiltrated data includes highly confidential industry secrets and formulation data Complete intellectual property containing secret product designs, manufacturing blueprints, and recipes (SupplementFormula, PureFood, FoodGroup).Deep laboratory data, nutritional testing breakdowns, and allergen classification records (SupplementIngredient, Analysis, AllergenGroup, Sensitive registries containing client profiles, user metrics, and market consumer data (Consumer, Activity). |
|||||
| Ransomware | monoprix.tn id30078 View details | Tunisia | Retail / E-commerce | — | |
|
Monoprix.tn is a retail and e-commerce company based in Tunisia, offering various products and services to its customers. The company operates in the retail sector, providing a range of products and services to the local market. Monoprix.tn is listed as a ransomware victim associated with stormous |
|||||
| Ransomware | monoprix.tn id30078 View details | Tunisia | Retail / E-commerce | — | |
|
Data description: Pending update |
|||||
| Ransomware | Official Statement: Protecting palatineschool.org Infrastructure id30079 View details | United States | Education | — | |
|
Palatineschool.org is an educational institution located in the United States, providing various academic programs and services to students. As part of the education sector in the US, it plays a vital role in the community. Official Statement: Protecting palatineschool.org Infrastructure was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | Official Statement: Protecting palatineschool.org Infrastructure id30079 View details | United States | Education | — | |
|
During our routine network security audits, our team discovered critical structural vulnerabilities within Palatine School, which granted us full, unrestricted access to their central server (PALDC2020). We had the technical capacity to access every directory, including pupil databases ( StudentData NHS NO ) , Pupil Admin - Users -FocusIT) and staff records Personnel.We want to announce that we have locked down this operation and decided to leak absolutely nothing.This is an institution dedicated to children and special needs education. Unlike corporate thieves or ruthless threat actors, we operate with a strict code of ethics: we do not target children, schools, or healthcare facilities.Instead of destroying them, we have chosen to act as an uninvited security audit. We are using our platform to publicly invite the administration of Palatine School to contact us privately. We will provide them with the full technical details of the critical vulnerabilities we discovered and guide them on how to patch their system for free, ensuring they are protected from other ruthless cyber criminals. |
|||||
| Ransomware | mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB id30008 View details | Malaysia | IT | — | |
|
Mlit.com.my is an IT company based in Malaysia, offering various services in the IT sector. The company operates in the Malaysian market, providing IT solutions to its clients. Mlit.com.my was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB id30008 View details | Malaysia | IT | — | |
|
FULL DATA DUMP . The compromised data includes highly sensitive internal operations and financial records. Among the leaked files are complete individual Campaign Profit and Loss (PnL) statements, detailed revenue sheets, clawbacks, and general ledger accounts for several linked entities, including Salesworks Pte Ltd Taiwan Branch and Shaves2u HK Limited. Additionally, we have extracted complete directory trees and file structures from the internal network shares and remote desktop sessions, revealing thousands of corporate folders such as JAG Group, SWGP Excel Import, and various financial databases. |
|||||
| Ransomware | jaggroup.com UPDATE-FULL DATA DUMP NEW LINK id30009 View details | United States | IT | — | |
|
Jaggroup.com operates in the IT sector in the United States, providing various services. The company's specific offerings are not publicly disclosed. Jaggroup.com was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | jaggroup.com UPDATE-FULL DATA DUMP NEW LINK id30009 View details | United States | IT | — | |
|
Full database containing corporate emails (@jaggroup.com), Active Directory domain logins, and clear plain-text passwords.Complete Microsoft Dynamics GP databases, software license keys, financial reports, and system configuration Multiple compressed archives (zBackups.zip, wetransfer packages), SQL server connection data, and IM.mdb database files.Internal project management sheets (Jag Project.xlsx), user listings, purchasing, and sales import logs. |
|||||
| Ransomware | maglificioliliana.com id30010 View details | Italy | Retail / E-commerce | — | |
|
Maglificioliliana.com operates in the retail and e-commerce sector, offering products to customers in Italy. As an online retailer, the company provides various goods and services to its customers. Maglificioliliana.com was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | maglificioliliana.com id30010 View details | Italy | Retail / E-commerce | — | |
|
Over 400 GB of data has been accessed and exfiltrated. This includes product designs, historical fashion lines, and technical specifications for garments. Furthermore, we have obtained customer databases from various parts of the world, financial records, commercial contracts, employee data, personal files for all staff members within the network, daily operational documents, and more. |
|||||
| Ransomware | lorenzoni-store.com id30011 View details | Italy | Retail / E-commerce | — | |
|
Lorenzoni-store.com operates in the retail and e-commerce sector, offering various products to customers in Italy. As an e-commerce platform, it provides online shopping experiences. Lorenzoni-store.com was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | lorenzoni-store.com id30011 View details | Italy | Retail / E-commerce | — | |
|
Complete data belonging to customers and buyers has been accessed, along with designs, orders, and other assets. This includes all domains associated with the parent company: maglificioliliana.com/ |
|||||
| Ransomware | montechiaro-store.com id30012 View details | Italy | Retail / E-commerce | — | |
|
Montechiaro-store.com operates in the retail and e-commerce sector, offering various products to customers in Italy. As an online store, it provides a platform for users to browse and purchase items. Montechiaro-store.com was listed as a ransomware victim associated with stormous |
|||||
| Ransomware | montechiaro-store.com id30012 View details | Italy | Retail / E-commerce | — | |
|
Complete data belonging to customers and buyers has been accessed, along with designs, orders, and other assets. This includes all domains associated with the parent company: maglificioliliana.com/ |
|||||
| Ransomware | impulso-store.com id30013 View details | Mexico | Retail / E-commerce | — | |
|
Impulso-store.com operates in the retail and e-commerce sector, providing online shopping services to customers in Mexico. As an e-commerce platform, it offers various products and services to its customers. Impulso-store.com was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | impulso-store.com id30013 View details | Mexico | Retail / E-commerce | — | |
|
Complete data belonging to customers and buyers has been accessed, along with designs, orders, and other assets. This includes all domains associated with the parent company: maglificioliliana.com/ |
|||||
| Ransomware | jaggroup.com UPDATE-FULL DATA DUMP id30074 View details | IT | — | ||
|
Full database containing corporate emails (@jaggroup.com), Active Directory domain logins, and clear plain-text passwords.Complete Microsoft Dynamics GP databases, software license keys, financial reports, and system configuration Multiple compressed archives (zBackups.zip, wetransfer packages), SQL server connection data, and IM.mdb database files.Internal project management sheets (Jag Project.xlsx), user listings, purchasing, and sales import logs. |
|||||
| Ransomware | mlit.com.my UPDATE-FULL DATA DUMP 10GB id29999 View details | Malaysia | IT | — | |
|
FULL DATA DUMP . The compromised data includes highly sensitive internal operations and financial records. Among the leaked files are complete individual Campaign Profit and Loss (PnL) statements, detailed revenue sheets, clawbacks, and general ledger accounts for several linked entities, including Salesworks Pte Ltd Taiwan Branch and Shaves2u HK Limited. Additionally, we have extracted complete directory trees and file structures from the internal network shares and remote desktop sessions, revealing thousands of corporate folders such as JAG Group, SWGP Excel Import, and various financial databases. |
|||||
| Ransomware | mlit.com.my id29835 View details | Malaysia | Manufacturing / Engineering | — | |
|
We have successfully breached the internal servers and network infrastructure of MLIT, gaining full unauthorized access to their active Microsoft Dynamics Management Reporter environment and local storage volumes.The compromised data includes highly sensitive internal operations and financial records. Among the leaked files are complete individual Campaign Profit and Loss (PnL) statements, detailed revenue sheets, clawbacks, and general ledger accounts for several linked entities, including Salesworks Pte Ltd Taiwan Branch and Shaves2u HK Limited. Additionally, we have extracted complete directory trees and file structures from the internal network shares and remote desktop sessions, revealing thousands of corporate folders such as JAG Group, SWGP Excel Import, and various financial databases. |
|||||
| Ransomware | katholiekamersfoort.nl UPDATE-FOR SALE id29700 View details | Netherlands | NGOs / Associations | — | |
|
katholiekamersfoort.nl is the online presence of Katholiek Amersfoort, a Roman Catholic parish in Amersfoort, Netherlands, serving faith communities through catechesis, worship, meetings, and pastoral support. The site publishes parish information, contact details, financial notices, and service schedules for locations including the Centraal Secretariaat in Hoogland. Its content reflects an NGO and association profile centered on religious community life and local parish administration. The domain was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | sa2000.com UPDATE-FULL DATA DUMP id29701 View details | IT | — | ||
|
sa2000.com UPDATE-FULL DATA DUMP refers to a ransomware listing involving SA2000.COM, an IT-sector organization operating in the United States and referenced by reporting as a Canadian target. Public writeups describe the entity as a technology-related company and note that the listing centers on a claimed data-dump incident rather than a confirmed public breach notice. The entry indicates the site was published as part of stormous activity and presented in the context of ransomware pressure. It was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | SA2000.COM id29597 View details | Saudi Arabia | IT | — | |
|
150 GB of data has been extracted, including: COMPTABILITÉ - FACTURES ACHAT / FACTURES À PAYER / FACTURES MODIFIÉES - Banking Informations SA2000 - PAIEMENTS CLIENTS - CLIENTS / PO CLIENTS - FOURNISSEUR / TRANSPORTEURS - EMPLOYÉS / EMBAUCHE - ACTIONNAIRES - COURRIEL / DOCUMENTS ***.There is still an opportunity to communicate and resolve this situation. We are currently awaiting the company's ! |
|||||
| Ransomware | katholiekamersfoort.nl id29573 View details | Netherlands | NGOs / Associations | — | |
|
The church website's network (katholiekamersfoort.nl/) has been breached, resulting in the exfiltration of over 10 GB of data. This data pertains to donors, staff, and the personal information of a large number of individuals. The compromised data includes: Databases and Personally Identifiable Information (PII), internal network shares and document, contact lists, board and committee data, as well as system metadata. |
|||||
| Ransomware | vspsolutions.com.au FULL DATA DUMP id29332 View details | Australia | Other | — | |
|
VSP Security Wholesale is an Australian-owned and independently operated distributor specializing in video security products, established in 1993. The company operates across multiple states including NSW, QLD, VIC, WA, and SA, serving as a trusted supplier of video security product solutions. It partners with world-leading security and IT brands to deliver comprehensive video security offerings. The business was listed as a ransomware victim associated with the threat actor stormous. This listing reflects the company's exposure to cyber threats in the security sector. |
|||||
| Ransomware | ttt.vn UPDATE-FULL DATA DUMP id29138 View details | Viet Nam | Public Sector | — | |
|
$900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interiors and architectural masterpieces, they completely overlooked the design of a secure network. We have spent enough time within their internal infrastructure to conclude that their security is incredibly fragile. We have successfully exfiltrated all of the company's data and now possess 5 TB of the most sensitive information, including complete blueprints and CAD designs for prestigious clients (Toyota showrooms, gyms, luxury resorts, and government projects). We have accessed every employee's personal drive, including IDs, passports, and private medical records. Furthermore, we hold confidential contracts, tax reports (BCTC), internal financial audits, and detailed security schematics for client buildings. |
|||||
| Ransomware | vspsolutions.com.au SAMPLE-FREE 20GB id29139 View details | Australia | Other | — | |
|
+40G Full Financial Backups (Quickbooks & Reckon)-Email Archives & Staff Personal Folders-Customer/Client Databases (Installers & Integrators nationwide)-Shipment & Order Tracking for major brands like Hikvision & Axis. |
|||||
| Ransomware | FANASA.COM UPDATE-FULL DATA DUMP id29071 View details | Other | — | ||
|
FANASA.COM refers to FANASA, a Mexican company based in Nuevo León that operates in high-requirement metal stamping for automotive, appliance, and other industrial segments. Public company profiles also place its operations in Monterrey and describe exports to the United States and Brazil. The company presents itself as established in 1971 and focused on product quality and service for industrial customers. It was listed as a ransomware victim associated with stormous. |
|||||
| Ransomware | arc-reins.com + fidelityunited.ae UPDATE-FULL DATA DUMP id29072 View details | United Arab Emirates | Finance / Legal / Insurance | — | |
|
We have gained full control over 700 GB of data, which includes: meticulous compliance audit data, complete Bank details for ARC, legal licenses, tax documents, and official contracts, as well as KYC and KYC TOBA files for all partners.Additionally, personal data for all employees has been extracted, including passports, ID cards, emails, career details, personal documents, and contracts for managers and internal communications. The breach also covers the marine insurance archive with all its deals in the Middle East, property insurance, civil liability, and risk insurance, in addition to monthly and annual quality control reports and collective agreements with major international partners.We have full control over administrative data, business travel logs, passwords, and DC client lists, along with all internal correspondence, digital identities, and official company signatures. The data also includes a list of major clients and thousands of personal information records for Fidelity and ARC brokers, including their full personal details. All of this and more, totaling 600 GB of secrets. |
|||||
| Ransomware | ams-group.co.uk FULL DATA DUMP 33GB id29001 View details | United Kingdom | Finance / Legal / Insurance | — | |
|
The extracted data comprises administrative and financial records, payroll sheets, and client and partner directories, alongside technical and engineering specifications, employee records, and business plans. It also includes architectural designs, official contracts, detailed engineering reports, and construction site maps, as well as risk assessments, internal correspondence, and tax and legal information. |
|||||
| Ransomware | ttt.vn TTT Corporation id28826 View details | Viet Nam | Construction / Real Estate | — | |
|
$900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interiors and architectural masterpieces, they completely overlooked the design of a secure network. We have spent enough time within their internal infrastructure to conclude that their security is incredibly fragile. We have successfully exfiltrated all of the company's data and now possess 5 TB of the most sensitive information, including complete blueprints and CAD designs for prestigious clients (Toyota showrooms, gyms, luxury resorts, and government projects). We have accessed every employee's personal drive, including IDs, passports, and private medical records. Furthermore, we hold confidential contracts, tax reports (BCTC), internal financial audits, and detailed security schematics for client buildings. |
|||||
| Ransomware | or-technology.com id28788 View details | Germany | Healthcare / Medicine | — | |
|
Financial & Sales Intelligence ، Sales Statistics by Quarter (Q1, Q2, Q3, Q4)، Corporate & Strategic Planning ، SQL ، Project Reports |
|||||
| Ransomware | FANASA.COM id28789 View details | Mexico | Healthcare / Pharma | — | |
|
Personally Identifiable Information (PII), Electronic Fiscal Documents (CFDI/XML), Financial Transaction Records, Commercial Invoices & Billing Data, Taxpayer Identification Numbers (RFC), Client & Vendor Database/Internal Corporate Documentation |
|||||
| Ransomware | cgcsa.co.za id28790 View details | South Africa | NGOs / Associations | — | |
|
endor & Corporate Data ( Name-Email-Numbers/PMS NAME ), Financial Accounting Records , sales Order Reports , Database Systems , SQL Server , Sage 200 Evolutuion SQL, operational Security Data، Full Sage 200 Evolution backups including all transaction history, tax records, and payroll.CRM & Legal Archives Over 151,000 sensitive documents, contracts, and internal communications from the CRM database.Full access to GS1 South Africa SharePoint, including GDSN protocols and partnership data with global entities like Unilever, Nestle, and L'Oreal.Complete PII (Personally Identifiable Information) of administrative staff and executive members, including private emails and mobile numbers. |
|||||
| Ransomware | Ministerio de Cultura de la Republica de Cuba - STORMOUS + GhostSec id28777 View details | Cuba | — | — | |
|
The triumph of the Cuban Revolution, government cultural functions were performed by the Department of Culture, Ministry of Education. In 1961 the National Council for Culture was founded. |
|||||
| Ransomware | Ministry of Energy and Mines (Cuba) - STORMOUS + GhostSec id28778 View details | Cuba | — | — | |
|
Ministry of Energy and Mines. Ministry created on December 3, 2012 as an agreement of a meeting of the Council of Ministers of the Republic of Cuba. |
|||||
| Ransomware | www.kai.id (FF) id28779 View details | Indonesia | — | — | |
|
PT Kereta Api Indonesia is the national railway company in Indonesia, also known as Kereta Api. It is responsible for operating train services throughout the country. |
|||||
| Ransomware | Abelsantosyasoc.com.ar (FF) id28780 View details | Argentina | — | — | |
|
Our activities cover the regulatory, technical, medical, marketing, building and administrative management aspects of companies dedicated to the manufacturing and/or marketing of pharmaceutical, cosmetic, dental, biomedical, mass consumption, household health products. |
|||||
| Ransomware | calcomp.co.th id28781 View details | Thailand | — | — | |
|
Cal-Comp is the largest Electronics Manufacturing Services (EMS) Company in Thailand and Southeast Asia, providing manufacturing services in OEM and ODM across a variety of products for clients that are mostly exported worldwide |
|||||
| Ransomware | fractal id28782 View details | GERMANY | — | — | |
|
web.fractal.id/ |
|||||
| Ransomware | transak id28783 View details | United Kingdom | Public Sector | — | |
|
transak.com/ |
|||||
| Ransomware | uatf id28784 View details | Bolivia, Plurinational State of | Education | ||
|
uatf.edu.bo/ |
|||||
| Ransomware | biodimed id28785 View details | ECUADOR | Other | ||
|
biodimed.com/ |
|||||
| Ransomware | ascires.com id28786 View details | United Kingdom | — | — | |
|
Client Data - Medical Reports - Financial Status (Bank reports, taxes, and more) - Annual Accounts - Personal Information - New Projects - Large amounts of patient-related data - Business plans and much more - a total of 700 GB of critical information! |
|||||
| Ransomware | vouch.co.uk id28787 View details | United Kingdom | — | — | |
|
Vouch does not protect its customers' data at all and stores it poorly. Many users' data, including KYC information, UK ID cards, email addresses, phone numbers, full names, and more, have been extracted. Approximately 3GB of data was collected. |
|||||
| Ransomware | vouch.co.uk + KYC UK id28788 View details | United Kingdom | — | — | |
|
Vouch does not protect its customers' data at all and stores it poorly. Many users' data, including KYC information, UK ID cards, email addresses, phone numbers, full names, and more, have been extracted. Approximately 3GB of data was collected. |
|||||
| Ransomware | Details of bank card data for over 50,000 Moroccan id28789 View details | Morocco | — | — | |
|
Details of bank card data for over 50,000 Moroccan individuals from 5 different Moroccan banks for sale: Cardholder's name / Card number / Expiry date / Security code... ** For more details, you can contact support to receive full information. |
|||||
| Ransomware | Welcome to phish.pw id28790 View details | — | — | ||
|
A forum created by the operators of Stormous and many of their affiliates, including members from Lapsus$, GhostSec, RedRaas, and others. This forum offers the latest phishing techniques and social engineering methods used in cutting-edge hacking strategies. |
|||||
| Ransomware | FRANCE TRAVAIL DATA BREACH - 2025 id28791 View details | France | — | — | |
|
Plaintext authentication credentials (usernames/passwords)-(full names, dates of birth, gender)-(addresses, phone numbers, emails)-Employment history and professional skills-CNI-RIB - CDD, CDI, temporary missions - Tax documents - Social security attestations - Training certificates - Work authorization documents and more.... |
|||||
| Ransomware | americanadecolchones id28792 View details | Mexico | — | — | |
|
VPN access to the company's internal network is provided. |
|||||
| Ransomware | visioninksltd id28793 View details | United Kingdom | — | — | |
|
Vision Inks and Resins Limited (previously known as Vision Inks & Resins) is established in May 1999 with Factory at MIDC, Murbad, Maharashtra INDIA... |
|||||
| Ransomware | Sincroslab Sas id28794 View details | Italy | — | — | |
|
Sincroslab Sas is a company in Colombia, with a head office in Bogota D.C.. It operates in the Miscellaneous Nondurable Goods Merchant Wholesalers industry. |
|||||
| Ransomware | Important Announcement id28795 View details | — | — | ||
|
Nova Ransomware-DevMan Ransomware-CoinBaseCartel-RADAR Ransomware-Desolator Ransomware-Kryptos Ransomware |
|||||
| Ransomware | bulentklise id28796 View details | TURKEY | — | — | |
|
Customer names, identification numbers, production orders, client records, delivery tracking data, customer information, logos, and more |
|||||
| Ransomware | rinaldi id28797 View details | CANADA | — | — | |
|
Data of 1,000 registered distributors and sellers employee and customer information - admin login passwords - email addresses, phone numbers, full names - and more... |
|||||
| Ransomware | thewatermansarms id28798 View details | United Kingdom | — | — | |
|
CVs - Bank - VCF - Business accounts - image - SCAN - Passport Details - ID Card -...... |
|||||
| Ransomware | atolon-parkhotel id28799 View details | Germany | — | — | |
|
CVs - FACTURES - Hwawei.com - AA GROUPE 2025 - RESERVATION 2025 - PERSONNELS - INFOS - STAGIAIRES..... |
|||||
| Ransomware | Hy-Vee id28800 View details | United States | — | — | |
|
Hy-Vee refuses to pay, and we are proceeding to leak all the data that was extracted. Internal documents, infrastructure diagrams, employee data, training materials.... |
|||||
| Ransomware | crystalhotels id28801 View details | TURKEY | — | — | |
|
Full names of hotel guests, Email addresses (internal and external), Customer complaints and feedback content, Booking or reference numbers, Internal hotel communication data... |
|||||
| Ransomware | jparkislandresort id28802 View details | Singapore | — | — | |
|
Full reservation databases Booking platform references (including HeyTripGo) Payment Data PDF files containing credit card numbers, expiration dates and CVV codes Scans of physical card images used in transactions Names and billing addresses linked to card... |
|||||
| Ransomware | regencyrestors id28803 View details | United States | — | — | |
|
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files |
|||||
| Ransomware | regencycountryclub id28804 View details | United States | — | — | |
|
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files |
|||||
| Ransomware | regencytorviscas id28805 View details | SPAIN | — | — | |
|
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files |
|||||
| Ransomware | enersolcr id28806 View details | Costa Rica | — | — | |
|
Internal Data - System Data - 73 Partner Data - Customer Data (Email, Name, Phone Number) - Admin Data and Their Roles, etc.... |
|||||
| Ransomware | acuity id28807 View details | United States | Other | — | |
|
This includes important legal documents such as drafts of non-disclosure agreements (NDA) pertaining to the company and strategic partners like Bosch, detailed financial documents containing analyses of Acuity's financial position |
|||||
| Ransomware | VPN Access Sale id28808 View details | — | — | ||
|
VPN access to the company's internal network is provided |
|||||
| Ransomware | holidaypalace id28809 View details | Macao | — | — | |
|
All of this data is offered for sale (user information: email, phone number, full name, date of birth / payment and booking data / ID cards and passports used in booking processes / full access was obtained to the system and all data was extracted). |
|||||
| Ransomware | bkcolombia id28810 View details | Colombia | — | — | |
|
(Folders/Files) Email/Communication/System/Application Data AYEAPLICACIONES database/Log Data BDATOSFITCLOD, Software/Installation/Program Files AUTOBOU, Personal/Miscellaneous Files AvenaCubana |
|||||
| Ransomware | arc-reins.com + fidelityunited.ae id28326 View details | United Arab Emirates | Finance / Legal / Insurance | — | |
|
We have gained full control over 700 GB of data, which includes: meticulous compliance audit data, complete Bank details for ARC, legal licenses, tax documents, and official contracts, as well as KYC and KYC TOBA files for all partners.Additionally, personal data for all employees has been extracted, including passports, ID cards, emails, career details, personal documents, and contracts for managers and internal communications. The breach also covers the marine insurance archive with all its deals in the Middle East, property insurance, civil liability, and risk insurance, in addition to monthly and annual quality control reports and collective agreements with major international partners.We have full control over administrative data, business travel logs, passwords, and DC client lists, along with all internal correspondence, digital identities, and official company signatures. The data also includes a list of major clients and thousands of personal information records for Fidelity and ARC brokers, including their full personal details. All of this and more, totaling 600 GB of secrets. |
|||||
| Ransomware | www.goodmanmfg.com id24612 View details | United States | Communication / Marketing | — | |
|
Administrative/System Files/ADMIN, DOAS,General operational, administrative records, and potential system configuration files /Proprietary Engineering Drawings/IP/Highly specific technical documents, schematics, and design files (Intellectual Property). The (MklUp) indicates marked-up or working drafts.Product Line/System Data /RoofTop Systems Folder, Goodman Models, Goodman 12.5 /Confidential information related to specific product lines,Systematically numbered Bitmap image files (BMP), which function as internal references for parts, components, or quality checks/Goodman LC |
|||||
| Ransomware | www.futureal.hu id24611 View details | Hungary | Communication / Marketing | — | |
|
Project Planning & Execution Documents - AKTUALIS KIVITELI TERVEK (Folder)/ Confidential Contract/Scope/Munkaterelhatarolas Proprietary Technical Specifications Melyepites Safety/Compliance/Standards S&C and more ..... |
|||||
| Ransomware | www.bkcolombia.org id24610 View details | Colombia | Communication / Marketing | — | |
|
(Folders/Files) Email/Communication/System/Application Data AYEAPLICACIONES database/Log Data BDATOSFITCLOD ( Software/Installation/Program Files AUTOBΟΥ Personal/Miscellaneous Files AvenaCubana ) |
|||||
| Ransomware | www.holidaypalace.com id24609 View details | Cambodia | Communication / Marketing | — | |
|
All of this data is offered for sale (user information: email, phone number, full name, date of birth / payment and booking data / ID cards and passports used in booking processes / full access was obtained to the system and all data was extracted). |
|||||
| Ransomware | ! id23734 View details | Telecommunications | — | ||
|
VPN access to the company’s internal network is provided |
|||||
| Ransomware | www.wilmar.co.id id23668 View details | Indonesia | Telecommunications | — | |
|
VPN access to the company’s internal network is provided |
|||||
| Ransomware | www.danareksa.com id23667 View details | Indonesia | Telecommunications | — | |
|
VPN access to the company’s internal network is provided |
|||||
| Ransomware | www.marjane.ma id23666 View details | Morocco | Retail / E-commerce | — | |
|
Marjane Group is a Moroccan retail group that owns the Marjane hypermarkets and Marjane Market supermarkets. Founded in 1990, Marjane has gradually become the largest retail company in Morocco |
|||||
| Ransomware | French Government id23416 View details | France | Public Sector | — | |
|
Stealer-type breach Valid credentials, sensitive access |
|||||
| Ransomware | Volkswagen id23415 View details | Germany | Other | — | |
|
CarNet system breach Internal data accessed |
|||||
| Ransomware | usbmemorydirect.com id23414 View details | United States | Communication / Marketing | — | |
|
Personal data (individual names, photos, etc.), company/business data (company names, services, tools, equipment), backup copies, system archive compressed files, internal documents and project files, and more. |
|||||
| Ransomware | www.sincroslab.com id23413 View details | Spain | Services | — | |
|
Sincroslab Sas is a company in Colombia, with a head office in Bogota D.C.. It operates in the Miscellaneous Nondurable Goods Merchant Wholesalers industry. |
|||||
| Ransomware | www.visioninksltd.in id23412 View details | India | Manufacturing / Engineering | — | |
|
Vision Inks and Resins Limited ( previously known as Vision Inks & Resins ) is established in May 1999 with Factory at MIDC, Murbad, Maharashtra INDIA having ... |
|||||
| Ransomware | www.americanadecolchones.com id23411 View details | Colombia | Telecommunications | — | |
|
VPN access to the company’s internal network is provided. |
|||||