All Ransomware Records
All Ransomware Attacks in All period
| Target | Discovered | Country | Source | Business Category | Intel Link |
|---|---|---|---|---|---|
| Aeronautics company Canada / Production of parts for aircraft engines | | | everest | Manufacturing / Engineering | |
Aeronautics company Canada operates in Canada’s aerospace manufacturing sector, which includes aircraft, engines, propulsion units, and related parts for civil and defense markets. Canadian aircraft and engine parts makers produce components such as engines, propulsion systems, and other aerospace parts, and the industry covers manufacturing, prototypes, conversions, and overhaul work. In this context, Aeronautics company Canada is associated with production of parts for aircraft engines within Manufacturing / Engineering. It was listed as a ransomware victim associated with everest. |
| Belgium company Zwijndrecht - Leaked | | | ragnarlocker | Services | |
Belgium company Zwijndrecht - Leaked appears as a Belgium-based services-sector organization associated with the Zwijndrecht area, where business and consulting firms operate alongside wider industrial and professional services activity. Public business directories show Zwijndrecht, Antwerp, as a Belgian location used by companies offering management, consulting, and related service functions. In threat-intelligence catalogs, the name is used as a victim entry rather than a corporate profile. It was listed as a ransomware victim associated with ragnarlocker. |
| IMA Financial Group, Inc. | | | blackbasta | Finance / Legal / Insurance | |
IMA Financial Group, Inc. is a Denver, Colorado-based insurance and financial services company serving clients across the United States. It operates in the Finance, Legal, and Insurance sectors and offers brokerage, risk management, employee benefits, and related specialty advisory services. Company materials also describe it as an employee-owned diversified financial services firm with offices in multiple states. It was listed as a ransomware victim associated with blackbasta. |
| https://www.cristalcontrols.com | | | royal | Other | |
Cristal Controls is a Quebec-based company in Canada that develops building-management, lighting-control, heating, and energy-management solutions for commercial and industrial sites. Its website lists technical support, quotations, and product lines for energy and lighting control, as well as related software and controllers. The company operates from Quebec City and serves customers through sales and support contacts. It was listed as a ransomware victim associated with royal. |
| http://www.lamtec.com | | | royal | Other | |
Lamtec Corporation is a privately owned building materials company based in Mount Bethel, Pennsylvania, in the United States. It operates in the wholesale building materials sector and markets insulation vapor retarders, facings, and related energy-code and building-envelope solutions for commercial construction. The company’s contact and product pages identify it as a long-running manufacturer serving the Lehigh Valley region and broader building products market. It was listed as a ransomware victim associated with Royal. |
| Hydro-Gear & Agri-Fab | | | hive | Agriculture / Food | |
Hydro-Gear & Agri-Fab is a US-based entity headquartered in Sullivan, Illinois, specializing in drivetrain solutions and lawn care attachments for the agriculture, recreational, and residential markets. Hydro-Gear, founded in 1991, is the world's leading manufacturer of precision drive systems including hydrostatic drives and transaxles, while Agri-Fab produces lawn care attachments for homeowners. The group serves the commercial, residential, and electric markets with trusted machinery components. Hydro-Gear & Agri-Fab was listed as a ransomware victim associated with the hive threat actor. |
| zagiel.pl | | Poland | lockbit3 | Other | |
zagiel.pl is the website of Grupa Żagiel, a Lublin-based Polish business group. The site says the group operates in several areas, including automotive sales and service, and presents itself as an authorized Honda and Škoda dealer in Lublin. Its broader portfolio also spans other business activities associated with the Żagiel group. In this index, the domain was listed as a ransomware victim associated with lockbit3. |
| linkplus.com.hk | | | lockbit3 | Other | |
linkplus.com.hk is associated with Linkplus Solutions Limited, an information technology auditing and consulting services firm based in Cheung Sha Wan, Kowloon, Hong Kong. Public business directories list the company’s location at 777 Lai Chi Kok Road, Units 01-03, 2/F, Tins Enterprises Centre, and describe its services as IT auditing and consulting. The site uses the linkplus.com.hk domain and has been referenced in contact-page records for the company. It was listed as a ransomware victim associated with lockbit3. |
| itis-technology.com | | | lockbit3 | IT | |
ITIS Technology is a privately held IT services and consulting company headquartered in Calgary, Alberta, Canada, founded in 2001. The firm specializes in complete technology solutions, including computer, data, and hard drive backup, as well as system recovery services for businesses in Calgary and surrounding areas. With over 23 years of operation, ITIS Technology serves as a dedicated technology solution provider committed to delivering essential backup and recovery tools. The company was listed as a ransomware victim associated with the LockBit3 threat actor in the threat-intelligence index. |
| gulfcoastwindows.com | | | lockbit3 | Energy | |
Gulf Coast Windows, also listed as Gulf Coast Window & Energy Products, Inc., is a Houston, Texas company in the Energy sector that sells and installs replacement windows, entry doors, patio doors, and related energy-efficient products. Its public materials describe service across the Greater Houston area and emphasize thermal performance, insulation, and hurricane-resistant window options. Business profile data also places its headquarters in Houston and identifies it as a windows and doors provider. It was listed as a ransomware victim associated with LockBit3. |
| amend.com.br | | Brazil | lockbit3 | Other | |
amend.com.br is the official site of Amend Cosméticos, a Brazilian company founded in 1994 and based in São Paulo, Brazil. It develops and sells hair-care and beauty products through retail, e-commerce, and B2B channels, including a client portal and reseller access. The company also provides customer support and order services via its website and service channels. It was listed as a ransomware victim associated with lockbit3. |
| DGLEGAL | | | medusalocker | Finance / Legal / Insurance | |
DGLEGAL appears to be a U.S. business operating in the finance, legal, and insurance space, a sector that commonly includes legal services, insurance support, and related advisory work. Public sources on legal and legal-insurance services describe offerings such as attorney access, document review, and representation, which align with this sector profile. The name suggests a legal-focused organization, but no authoritative public profile was found in the supplied search results to confirm a more specific location or service mix. It was listed as a ransomware victim associated with medusalocker. |
| emscrm | | | medusalocker | Other | |
EMS CRM is a privately owned Business Process Outsourcing service provider headquartered in Omaha, Nebraska, United States. The company specializes in contact center solutions and offers scalable outsourced customer service and technical support to clients globally. EMS CRM has provided customer support services to businesses in the telecommunications and healthcare industries since 1998. It delivers multi-channel customer care solutions including phone, email, live chat, IVR, and CRM systems. EMS CRM was listed as a ransomware victim associated with the threat actor medusalocker. |
| MIDAS Company | | | medusalocker | Services | |
MIDAS Company is a leading American automotive services provider headquartered in Palm Beach Gardens, Florida, offering comprehensive brake, maintenance, tire, exhaust, steering, and suspension services. Founded in 1956, the company operates as one of the world's largest chains of automotive service centers, delivering total car care to support customers nationwide. Its offerings include oil changes, brake repair, tire services, and fleet maintenance, reflecting over 60 years of industry leadership. MIDAS Company was listed as a ransomware victim associated with the threat actor medusalocker. |
| AURIS KONINKLIJKE AURIS GROEP | | | medusalocker | Other | |
AURIS KONINKLIJKE AURIS GROEP is a Dutch organization based in Rotterdam that provides hearing, speech and language support through care services, diagnostics and special education. It serves children and adults with communication challenges across multiple locations in the Netherlands. The group is active in healthcare and education, with expertise in helping people with hearing, speech and language development. It was listed as a ransomware victim associated with medusalocker. |
| fidelityunited.ae | | United Arab Emirates | medusalocker | Other | |
Fidelity United is a United Arab Emirates insurance company headquartered in Business Bay, Dubai, with offices across Abu Dhabi, Sharjah, Ras Al Khaimah, and Fujairah. It offers insurance solutions for individuals and families, and its website directs customers to contact claims and customer-care channels for policy and loss reporting. Company materials describe it as one of the market’s older insurers, registered in 1976 under license #8. It was listed as a ransomware victim associated with MedusaLocker. |
| goldcreekfoods | | | medusalocker | Agriculture / Food | |
Gold Creek Foods is a Gainesville, Georgia-based poultry processor in the agriculture and food sector. The company operates multiple sites in Georgia and Tennessee and supplies poultry and poultry products as a custom processor. Its public locations page lists corporate offices and production facilities in Gainesville, Dawsonville, and Caryville, reflecting a regional food-processing footprint. Gold Creek Foods was listed as a ransomware victim associated with medusalocker. |
| exheat.com | | | medusalocker | Other | |
exheat.com represents EXHEAT, a UK-based company that designs and manufactures electric process heating and control systems for industrial use. The company says it has global experience in electrical, mechanical and thermal design and operates from Watton, Norfolk, with additional locations in Singapore and India. Public company profiles describe its work as specializing in hazardous-area applications and process heating equipment. It was listed as a ransomware victim associated with medusalocker. |
| hwrpc.com | | | medusalocker | Other | |
hwrpc.com is the website of Horing Welikson Rosen & Digrugilliers P.C., a law firm based in Williston Park, New York, that focuses on real estate litigation, housing law, and landlord-tenant matters. The firm lists attorneys, contact details, and client services through its public site. In threat-intelligence cataloging, it is classified in the Other sector and mapped to the United States. It was listed as a ransomware victim associated with medusalocker. |
| Salmon Software | | | memedusalockerdusa | IT | |
Salmon Software is an Ireland-based IT company headquartered in Dublin, operating from Pembroke Hall on Fitzwilliam Square West. It was founded in 1985 and develops treasury management system software for corporate finance and treasury teams. Company materials describe a TMS platform and related resources for treasury operations. In threat-intelligence listings, Salmon Software was identified as a ransomware victim associated with memedusalockerdusa. |
| tristatefabricators_inc | | | medusalocker | Public Sector | |
Tri-State Fabricators Inc is a full-service metal fabrication and finishing company operating in the Public Sector within the Cincinnati, Ohio region. The firm provides comprehensive fabrication services including laser cutting, shearing, punching, forming, stamping, sheet rolling, tube rolling, and powder coating for customers across the United States. Headquartered in Amelia, Ohio, it serves as the largest one-stop job shop in the area, managing projects from design to delivery. Tri-State Fabricators Inc was listed as a ransomware victim associated with MedusaLocker. |
| atlantisholidays | | | medusalocker | Other | |
Atlantisholidays appears to be a travel and hospitality brand offering vacation, resort, or holiday services rather than a specialized industrial or technology business. Public web references associated with the name point to tourism-focused offerings and destination-style accommodations, indicating a consumer-facing service in the broader Other sector. Available information does not clearly identify a single corporate headquarters or operating country. It was listed as a ransomware victim associated with medusalocker. |
| archimages inc | | | medusalocker | Services | |
Archimages Inc is a services company in the architecture and planning sector based in St. Louis, Missouri, with additional offices in Kansas and Illinois. It provides planning, architecture, and interior design services, with a commercial portfolio that includes healthcare, municipal, and education projects. Public company profiles describe it as an architecture and design firm serving clients from its Midwest locations. It was listed as a ransomware victim associated with MedusaLocker. |
| ALTlTUDE AEROSPACE INC | | | medusalocker | Services | |
ALTITUDE AEROSPACE INC is a leading engineering firm based in Montreal, Quebec, Canada, specializing in conceptual design, structural analysis, and certification for new aircraft programs and existing fleet support. Founded in 2005, the company offers fully integrated, turnkey solutions from engineering to certification, serving partners globally with innovative aircraft products and modifications. The firm also focuses on interior reconfiguration, VIP completions, and refurbishment services for commercial aviation. ALTITUDE AEROSPACE INC was listed as a ransomware victim associated with the threat actor medusalocker. |
| Fonderia Boccacci | | | medusalocker | Other | |
Fonderia Boccacci is an industrial company in Follo, in the province of La Spezia, Liguria, Italy. It operates as a cast-iron foundry and machining business, producing iron castings and related mechanical processing for industrial use. The company began operating in 1969 and later expanded from cast-iron casting into centrifugal castings and machining. It was listed as a ransomware victim associated with medusalocker. |
| Zelena Laguna Hotel | | | medusalocker | Hospitality / Food & Beverage / Tourism | |
Zelena Laguna Hotel is a four-star hospitality property in Kvakovce, near the Veľká Domaša reservoir in eastern Slovakia. It offers leisure accommodation with wellness facilities, a restaurant, and lake-adjacent views for tourism and relaxation. The hotel serves travelers visiting the Domaša area and nearby Prešov Region attractions. It was listed as a ransomware victim associated with medusalocker. |
| LEGAZPIBANK | | | medusalocker | Finance / Legal / Insurance | |
LEGAZPIBANK, formally Legazpi Savings Bank, Inc., is a Philippine banking institution headquartered in Legazpi City, Albay, in the Bicol Region. It operates as a savings bank and offers deposit and lending services, including retail banking products and financing solutions for individual and institutional clients. Its annual report describes a regulated bank with formal risk management and governance functions under Philippine banking law. The entity was listed as a ransomware victim associated with medusalocker. |
| MCCLEAN16 company | | | medusalocker | Services | |
MCCLEAN16 is a Services-sector company in the United States, and available business listings describe MacLellan Integrated Services, Inc. as a provider of critical process cleaning, process equipment and robotics maintenance, and production line support. Public company-profile sources also associate the MacClean/MacLellan name with facility and industrial support work for operating environments. In threat-intelligence indexing, MCCLEAN16 was listed as a ransomware victim associated with medusalocker. |
| lawtrade company | | | medusalocker | Finance / Legal / Insurance | |
Lawtrade company operates in the finance, legal and insurance space and is associated with legal and risk-related services in the United States. Public descriptions indicate the Lawtrades platform serves mid-market and enterprise clients, with demand from financial services and other regulated industries. Its offerings center on legal talent and legal operations support for businesses that need flexible legal resourcing. In threat-intelligence catalogs, lawtrade company was listed as a ransomware victim associated with MedusaLocker. |
| Autosoft company | | | medusalocker | Services | |
Autosoft is a U.S.-based services company that develops dealership management system (DMS) software for automotive retailers. Its platform supports dealership operations such as sales tracking, inventory control, training, hardware, infrastructure, forms, and consulting. Public company materials describe it as serving low-to-mid volume and family-owned auto dealerships in North America. It was listed as a ransomware victim associated with medusalocker. |
| BIOPLAN | | | medusalocker | Other | |
BIOPLAN is a biotechnology, pharmaceutical, and healthcare publishing and market information service provider based in Rockville, Maryland, United States. It provides research and market intelligence services for life sciences companies, supporting decisions across biomanufacturing, vaccines, therapeutics, diagnostics, devices, and laboratory environments. The company has operated since 1989 and serves clients in the biopharmaceutical sector. It was listed as a ransomware victim associated with medusalocker. |
| Dyatech company | | | medusalocker | IT | |
Dyatech is a Ridgeland, Mississippi-based IT and retirement-services company that provides third-party administration, compliance consulting, and recordkeeping services nationwide. The company says it serves businesses across the country and has operated since 2001, supporting employer retirement plan administration and related services. Its offerings position it within the broader business-services and financial-software ecosystem. It was listed as a ransomware victim associated with medusalocker. |
| LCMH | | | hive | Other | |
LCMH appears to refer to Lake Charles Memorial Health System, a healthcare provider serving Southwest Louisiana from Lake Charles, Louisiana. Its network includes Lake Charles Memorial Hospital, and it describes itself as the region's largest family-centered medical complex. The organization provides medical care across the community and surrounding area. It was listed as a ransomware victim associated with hive. |
| https://www.keenanins.com | | | royal | Other | |
KeenanIns.com operates as The Keenan Agency, an insurance solutions provider based in Dublin, Ohio, that serves thousands of commercial and personal lines clients nationwide. The agency offers comprehensive insurance policies tailored to diverse client needs, with its headquarters located at 6805 Avery-Muirfield Dr., Suite 200, Dublin, OH 43016. It functions as a trusted partner for policyholders seeking reliable coverage across the country. The Keenan Agency was listed as a ransomware victim associated with the threat actor Royal, with no further specifics publicly disclosed on the incident. |
| scottindustrialsystems.com | | | lockbit3 | Manufacturing / Engineering | |
Scott Industrial Systems is a Dayton, Ohio-based fluid power distributor serving manufacturing and engineering customers with hydraulics, pneumatics, electronic controls, automation, sales, repairs, manufacturing, and distribution. Founded in 1948, the family-owned company operates offices across Ohio, Indiana, Kentucky, and Illinois. Its offerings position it as a regional industrial systems provider with in-house technical and service capabilities. It was listed as a ransomware victim associated with LockBit3. |
| Baysgarth School | | | vicesociety | Education | |
Baysgarth School is a coeducational secondary school and sixth form in Barton-upon-Humber, North Lincolnshire, England. It serves the education sector and provides secondary education alongside post-16 study for local students. Public school and directory listings identify it as an educational establishment on Barrow Road. It was listed as a ransomware victim associated with vicesociety. |
| THEW ASSOCIATES HACKED. MORE THEN 50 GB SENSETIVE DATA LEAKED. | | | lv | Other | |
Thew Associates LS, PLLC is a New York-based land surveying, mapping, and geospatial services firm serving clients across the Northeastern United States. Its work includes topographic, boundary, construction, hazardous-waste, bathymetric, LiDAR, and photogrammetry services from offices in Canton, Marcy, Syracuse, and Saranac Lake. The company also supports solar development and other commercial, energy, environmental, and government projects. It was listed as a ransomware victim associated with lv. |
| Nissan of Las Cruces | | | lorenz | Other | |
Nissan of Las Cruces is a family-owned Nissan dealership in Las Cruces, New Mexico, operating in the automotive retail sector. It sells new and used Nissan vehicles and provides related service, parts, and collision-repair offerings from its South Main Street location. Public listings also describe it as a long-running dealership serving local car buyers and service customers. The entity was listed as a ransomware victim associated with Lorenz. |
| Salud Family Health | | | lorenz | Healthcare / Pharma | |
Salud Family Health Centers is a Federally Qualified Health Center and nonprofit operating 13 clinic locations across Colorado, providing medical, dental, behavioral health, and pharmacy services to all ages. The organization serves diverse communities through fixed clinics, school-based sites, and mobile units, offering affordable care to children, teens, adults, and seniors. Salud Family Health was listed as a ransomware victim associated with the threat actor lorenz. |
| YASH Technologies | | | snatch | IT | |
YASH Technologies is a global information technology and consulting company that provides digital transformation, business consulting, IT outsourcing, and software services. It is headquartered in East Moline, Illinois, with major operations and delivery centers in India, including Indore. The company presents itself as a technology integrator focused on helping clients improve operating models, competitiveness, and cost efficiency across industries. It was listed as a ransomware victim associated with snatch. |
| Popp Hutcheson PLLC | | | blackbasta | Services | |
Popp Hutcheson PLLC is an Austin, Texas-based services firm that has focused on property tax consulting and valuation work since 1983. The firm represented property owners and offered consulting and litigation services across commercial real estate and sectors including healthcare, hospitality, retail, and industrial. Public company materials also describe it as a property tax practice serving business and personal property clients. It was listed as a ransomware victim associated with blackbasta. |
| Saurer | | | snatch | Other | |
Saurer AG is a Swiss-based global technology company founded in 1853, headquartered in Arbon, Switzerland, specializing in machinery and components for fiber and yarn processing. The firm operates worldwide with locations in Germany, Turkey, Brazil, Mexico, the USA, China, India, and Singapore, serving the textile industry with engineered and polymer solutions. Saurer is listed on the Shanghai Stock Exchange and maintains subsidiaries such as Saurer Textile Solutions Private Ltd. in Mumbai, India. The company was listed as a ransomware victim associated with the threat actor snatch. |
| Midland Cogeneration Venture | | | quantum | Other | |
Midland Cogeneration Venture is a natural gas-fired cogeneration plant in Midland, Michigan, that produces both electrical power and steam for industrial and utility use. Capital Power describes it as the largest natural gas-fired combined electrical energy and steam generating plant in the United States, with a capacity of about 1,633 MW. In industry references, it is also described as a major combined-cycle facility in the Midland area. It was listed as a ransomware victim associated with quantum. |
| https://www.qep.com | | | royal | Other | |
QEP Co., Inc. is a publicly traded company headquartered in Boca Raton, Florida, that manufactures, distributes, and markets approximately 3,000 flooring tools and accessories for professional installers and DIY enthusiasts in the United States and about 50 other countries. Founded in 1979, the company serves as a leading global provider of high-quality, innovative flooring installation solutions, including tile installation tools and Gauged Porcelain Tile Panel systems. QEP specializes in engineering value and performance into its products, catering to both commercial and residential flooring projects worldwide. The company was listed as a ransomware victim associated with the Royal threat actor. |
| BRAZILIAN PET FOODS | | | lv | Agriculture / Food | |
BRAZILIAN PET FOODS is a Brazilian pet food company in the Agriculture / Food sector, operating from Arapongas, Paraná, Brazil. Company profiles describe it as a producer of pet food products for dogs and cats, with a long-running portfolio of complete nutrition offerings. Market sources place Brazilian pet food among a competitive national industry serving companion-animal nutrition demand in Brazil. The company was listed as a ransomware victim associated with lv. |
| Willis Klein | | | projectrelic | Communication / Marketing | |
Willis Klein is a Louisville, Kentucky-based business best known for decorative plumbing, door hardware, custom bathroom cabinets and furniture, and related residential and commercial products. Founded in 1960, the company also serves homeowners, designers, architects, builders, and facilities managers through showroom and security-focused divisions. Public business listings describe it as a fourth-generation family-owned operation with locations in Louisville and Lexington. It was listed as a ransomware victim associated with projectrelic. |
| BroadMed Holding | | | projectrelic | Healthcare / Pharma | |
BroadMed Holding is a pharmaceutical distribution company headquartered in Metn, Lebanon, specializing in the distribution of innovative pharmaceutical specialties from multinational companies throughout the MENA Region. The company serves pharmacies, dispensaries, drugstores, hospitals, and other medical entities as key points of contact for pharmacy sales representatives. Its operations focus on connecting BroadMed with healthcare providers across the region to deliver essential pharmaceutical products. BroadMed Holding was listed as a ransomware victim associated with the threat actor projectrelic. |
| Turner & Associates, LLP | | | projectrelic | Public Sector | |
Turner & Associates, LLP is a U.S.-based accounting and advisory firm in Weston and Miami, Florida, serving entity and individual clients with tax, accounting, and advisory solutions. Its public listings describe it as a full-service CPA firm offering professional financial services to a broad client base. In threat-intelligence catalogs, it appears under the public sector classification. It was listed as a ransomware victim associated with projectrelic. |
| Sterling Battery | | | projectrelic | Manufacturing / Engineering | |
Sterling Battery Company is a battery wholesaler and retailer based in Garden City, Idaho, serving customers from its Boise-area location and Idaho warehouses. Public business listings describe it as a manufacturing-sector company that sells batteries wholesale and retail, with operations centered on battery supplies. The firm has been in business since 1963 and is associated with the manufacturing and engineering supply chain. It was listed as a ransomware victim associated with projectrelic. |
| http://bfernandez.com | | | royal | Other | |
bfernandez.com is the website of B. Fernández & Hnos., Inc., a Puerto Rico-based company headquartered in Bayamón. The company describes itself as a leading distributor serving more than 5,200 clients across the island, with operations in sales and distribution and a broader business profile that includes manufacturing, hotel properties, and real estate ventures. Public company profiles place it in the food and beverage services or holding company space, reflecting its diversified distribution-focused business. It was listed as a ransomware victim associated with royal. |
| amarillogeeks.webhop.org | | | lockbit3 | Other | |
amarillogeeks.webhop.org points to Networks (Amarillo Geeks), an Amarillo, Texas technology services firm serving the Texas Panhandle and Eastern New Mexico with computer, networking, and related IT support. The company states it has operated since 1999 and provides business technology services from its Amarillo office. The domain is cataloged here as a ransomware-victim listing in the other sector, associated with LockBit3. |
| Aeronautics company Canada | | | everest | Services | |
Aeronautics company Canada is a Services-sector aerospace business operating in Canada, part of a national industry centered on aircraft maintenance, repair, servicing, and related aviation support. Canadian aerospace firms commonly provide line maintenance, component repair, engine servicing, and other operational services for commercial and specialized aircraft. The sector is a major contributor to the national economy and includes companies serving civil, military, and industrial aviation needs. It was listed as a ransomware victim associated with everest. |
| Kreisverwaltung Rhein-Pfalz-Kreis | | | vicesociety | Other | |
Kreisverwaltung Rhein-Pfalz-Kreis is the county administration of Rhein-Pfalz-Kreis in Rhineland-Palatinate, Germany, with its headquarters in Ludwigshafen am Rhein. It provides municipal public services from its main office at Europaplatz and additional service locations, including offices for licensing and other administrative matters. As a German local government authority, it supports residents, businesses, and regional administrative tasks across the district. It was listed as a ransomware victim associated with vicesociety. |
| Main & Main Capital Group | | | lorenz | Services | |
Main & Main Capital Group is a privately owned real estate development company based in Frisco, Texas, operating in the Services sector. It focuses on multi-unit rollout, real estate development, construction, financing, and value-added property design for business users. The company says it combines form and function to create properties that maximize business value. It was listed as a ransomware victim associated with lorenz. |
|||||
| MCCROSSAN | hive | Other | |||
|
MCCROSSAN is a Minnesota-based regional highway and heavy civil general contractor headquartered in Maple Grove, with operations focused on infrastructure and construction services in the Twin Cities area. The company’s work supports roads, highways, and related civil projects, reflecting a broader construction sector profile. Public company information also places MCCROSSAN in Maple Grove, Minnesota, United States. It was listed as a ransomware victim associated with hive. |
|||||
| thecondorgroup.com | Qatar | lockbit3 | Services | ||
|
The Condor Group is a construction services company with a Qatar presence, operating from Doha and serving industrial, commercial, and oil and gas clients. Its website describes the firm as a builder with projects across Qatar, the UAE, India, and related regional markets, including residential, hospitality, and retail work. Public company materials also present it as a long-established contractor with experience in modern construction technologies and multi-sector project delivery. It was listed as a ransomware victim associated with LockBit3. |
|||||
| chahousing.org | lockbit3 | Construction / Real Estate | |||
|
CHAHousing.org is the website of the Chattanooga Housing Authority, a public housing organization based in Chattanooga, Tennessee. It manages more than 2,300 homes across 14 communities and administers housing assistance programs for families, seniors, and eligible residents. The agency also offers public housing and Housing Choice Voucher services, with contact and procurement information published on its site. It was listed as a ransomware victim associated with LockBit3. |
|||||
| adnec.ae | United Arab Emirates | lockbit3 | Other | ||
|
ADNEC Centre Abu Dhabi is a multi-award-winning venue in Abu Dhabi, United Arab Emirates, that provides space and services for exhibitions, conferences, and events. It is part of ADNEC Group and supports organizers with facilities for corporate, trade, and live-event programs. Public business listings also place it in the broader cultural and informational centers, hospitality, and food service space. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Hartnell College | vicesociety | Education | |||
|
Hartnell College is a public community college in Salinas, California, serving students across the Salinas Valley. It operates multiple campus locations and education centers, including its main campus in Salinas and sites in King City, Castroville, Alisal, and Soledad. The college offers academic programs, student services, and transfer-focused education for local learners. In threat-intelligence indexing, it was listed as a ransomware victim associated with vicesociety. |
|||||
| stavbar.cz | Czechia | lockbit3 | Hospitality / Food & Beverage / Tourism | ||
|
Stavební bytové družstvo Stavbař (stavbar.cz) is a Czech housing cooperative based in Prague, Czech Republic. It has operated since 1966 and focuses on cooperative housing, property administration, and building management for residential and non-residential assets. The organization provides economic, operational, and legal services, including accounting, technical supervision, and support for SVJ and small housing cooperatives. It also manages more than 100 client entities, mainly in Prague 4 to 10. It was listed as a ransomware victim associated with lockbit3. |
|||||
| sinopecthc.com | lockbit3 | Other | |||
|
Sinopec Tech Houston (STHC) is a Houston, Texas-based energy research and technical support organization serving operations in the Americas. Its website says it focuses on Petroleum Engineering, Exploration & Production, and Petrochemicals, with work spanning drilling services, oil and gas technologies, and specialized research support. The company describes itself as an R&D center providing advanced, research-based technologies for the energy sector. It was listed as a ransomware victim associated with lockbit3. |
|||||
| oehc.corsica | lockbit3 | Other | |||
|
oehc.corsica is the website of the Office d’Équipement Hydraulique de Corse, a public agency based in Bastia, Corsica, France. It manages water-related services and provides customer support for contracts, billing, consumption tracking, and related inquiries through its online and local service channels. The organization publishes contact details, customer service information, and office locations for users across Corsica. It was listed as a ransomware victim associated with lockbit3. |
|||||
| carone.com.mx | Mexico | lockbit3 | Other | ||
|
carone.com.mx is the website of Car One Group, a Mexican automotive group based in Monterrey, Nuevo León, in the northern region of the country. The company presents itself as a multimarket auto retailer and dealer network representing multiple vehicle brands. Its site promotes new, used, and demo vehicles, plus service and related automotive offerings across its dealerships. The domain was listed as a ransomware victim associated with LockBit3. |
|||||
| shmcomputers.screenconnect.com | lockbit3 | IT | |||
|
shmcomputers operates within the IT sector, utilizing ScreenConnect remote support software to enable technicians to instantly connect to endpoints and resolve issues without user interruption. The company leverages ScreenConnect's comprehensive features, including Backstage and Toolbox tools, to support faster diagnosis and resolution for organizations managing desktops and mobile devices. ScreenConnect is compatible with Windows, Mac, and Linux systems, offering diverse connection options for techs and customers needing remote access. shmcomputers was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| http://www.adven.com | royal | Other | |||
|
Adven is a Finland-based energy group serving industrial and real estate customers across Northern Europe, with offices in Finland, Sweden, Estonia, Latvia, and the Netherlands. It provides energy-efficient district heating, geoenergy, steam, heat, cooling, and water treatment services. Company materials describe it as a partner in the energy transition, focused on sustainable and competitive infrastructure solutions. It was listed as a ransomware victim associated with Royal. |
|||||
| waltersandwolf | cuba | Other | |||
|
Walters & Wolf is a California-based construction company headquartered in Fremont, with operations focused on design, engineering, fabrication, and installation for building-envelope systems. Its work includes curtain walls, window systems, architectural glass, metal panels, and stone cladding for commercial and institutional projects. Public company profiles describe it as serving construction markets across the United States. It was listed as a ransomware victim associated with Cuba. |
|||||
| http://www.silverstone.co.uk | royal | Other | |||
|
Silverstone.co.uk operates the Silverstone Circuit, a premier motor racing venue located in Northamptonshire, England, near the villages of Silverstone and Whittlebury. The circuit is the legendary home of the British Grand Prix and MotoGP events, offering tickets, hospitality packages, driving experiences, and trackside fan entertainment for major racing seasons. It hosts Formula 1, MotoGP, and other racing events, providing grandstand seating, park-and-ride services, and VIP experiences for attendees. The venue was listed as a ransomware victim associated with the Royal threat actor in the threat-intelligence index. |
|||||
| http://www.zender.de | royal | Other | |||
|
zender.de is a German domain in the Other sector; based on its name, it appears to belong to a business or organization rather than a consumer-only brand. Public web search did not surface a clear official company profile, product page, or location details for zender.de to verify its offerings. In threat-intelligence indexing, the domain is cataloged as a ransomware victim tied to the Royal threat actor. The listing itself does not confirm a breach or disclose additional incident details. |
|||||
| LAW OFFICES OF JOHN T ORCUTT WAS HACKED. MORE THEN 2TB SENSETIVE DATA LEAKED. | lv | Finance / Legal / Insurance | |||
|
Law Offices of John T. Orcutt is a North Carolina consumer bankruptcy law practice serving clients through multiple offices across the state, including Raleigh, Durham, Fayetteville, Greensboro, Wilson, Southport, and Wilmington. The firm’s website describes it as a debt relief agency that helps people file for bankruptcy protection and focuses on consumer debtor bankruptcy law. In threat-intelligence indexing, the entity is referenced as "LAW OFFICES OF JOHN T ORCUTT WAS HACKED. MORE THEN 2TB SENSETIVE DATA LEAKED.", and it is associated with the legal and financial services environment in the United States. It was listed as a ransomware victim associated with lv. |
|||||
| http://www.h-ortmeier.de | royal | Other | |||
|
h-ortmeier.de is the official website of Ortmeier Maschinen- und Vorrichtungsbau GmbH & Co. KG, a German company based in Neuburg an der Kammel, specializing in machinery construction, device manufacturing, and automation technology. The firm offers welding services for metal parts, including robotic welding, and provides development and engineering solutions for industrial automation systems. Located in Langenhaslach, Germany, the company serves clients across the manufacturing sector with custom machinery and automation integration. The company was listed as a ransomware victim associated with the Royal threat actor. |
|||||
| http://aviso.ci | royal | Other | |||
|
aviso.ci is an Ivory Coast company based in Abidjan, with listings placing its address on Avenue Houdaille in the EECI building. Public directory records associate the domain with Aviso CI and show network and contact details for the organization. Its online presence reflects a local business or service operator in the country’s "Other" sector. In threat-intelligence indexes, aviso.ci was listed as a ransomware victim associated with royal. |
|||||
| APM Terminals | hive | Other | |||
|
APM Terminals is a port operating company headquartered in The Hague, Netherlands, that manages container terminals and provides integrated cargo and inland services across 38 countries on five continents. The company operates 74 port and terminal facilities globally, serving shipping line and landside customers while seamlessly integrating land and sea to ensure supply chains remain safe and undisrupted. With more than 22,000 industry professionals and over 60 terminals in its network, APM Terminals is part of Maersk, an integrated transport and logistics leader. The company was listed as a ransomware victim associated with the Hive threat actor. |
|||||
| thaiho.com | Taiwan, Province of China | lockbit3 | Other | ||
|
Thaiho.com represents Thai Ho Group, a professional cosmetics manufacturer and beauty incubator hybrid founded in 1980 with headquarters in Shanghai and operations across Greater China. The company provides creative services, R&D, and global manufacturing for a full range of skincare and cosmetic products, leveraging state-certified testing centers for quality assurance. It serves as a leading OEM, ODM, and OBM provider with over 10,000 innovative formulas and patented technologies. Thaiho.com was listed as a ransomware victim associated with the threat actor Lockbit3. |
|||||
| crtl.com | United States | lockbit3 | Other | ||
|
crtl.com is the website of Crown Retail Services, a New York-based commercial real estate firm serving clients across the United States. The company describes itself as a trusted partner for commercial and retail real estate, with a focus on market knowledge, transparency, and client success. Public company profiles identify its services as strategic leasing and tenant representation. It was listed as a ransomware victim associated with LockBit3. |
|||||
| METRO | blackbasta | Other | |||
|
METRO is a U.S.-based manufacturer of storage and productivity products, including wire shelving and related systems used in foodservice, commercial, and healthcare settings. The company is headquartered in Wilkes-Barre, Pennsylvania, and markets its products under the Metro brand. Its catalog spans storage, transport, and organizational solutions for business environments. In threat-intelligence indexes, METRO was listed as a ransomware victim associated with blackbasta. |
|||||
| TCQ | hive | Other | |||
|
TCQ is a United States-based company in the Other sector, meaning it operates outside a specific industry category such as healthcare, finance, or manufacturing. Publicly available threat-intelligence records do not provide enough verified detail to describe its offerings. Hive was a ransomware-as-a-service group active against organizations worldwide and disrupted by law enforcement in 2023. TCQ was listed as a ransomware victim associated with Hive. |
|||||
| ROYAL GATEWAY CO., LTD | hive | Services | |||
|
ROYAL GATEWAY CO., LTD is a company based in Bangkok, Thailand, operating within the Services sector, with offerings potentially linked to beverage distribution and business services. The company is located in Khlong Toei Nuea, Bangkok, and employs approximately 51 to 200 people, indicating a mid-sized operational footprint. While some sources associate it with beverage manufacturing or document management, its primary classification aligns with Services. The company was listed as a ransomware victim associated with the hive threat actor. |
|||||
| https://www.sohnen.com | royal | Other | |||
|
Sohnen Enterprises, Inc. is a privately held reverse logistics and consumer-product refurbishing company based in La Palma, California, with facilities in California and Tijuana, Mexico. Founded in 1971, it manages product returns, refurbishment, redistribution, and recycling for manufacturers and large retailers. The company says it serves electronics and other consumer products through large-scale processing operations. It was listed as a ransomware victim associated with Royal. |
|||||
| Cornwell Quality Tools | hive | Other | |||
|
Cornwell Quality Tools is a privately held American company based in Wadsworth, Ohio, that manufactures and sells professional tools and storage equipment. It serves automotive and aviation technicians through mobile tool franchise owners and direct sales channels. Founded in 1919, the company promotes itself as a long-running mobile tool brand for professional users in the United States. It was listed as a ransomware victim associated with Hive. |
|||||
| ALTEK | blackbyte | Other | |||
|
ALTEK is a contract manufacturing company based in Liberty Lake, Washington, in the United States. It serves aerospace, medical, space, technology, and defense customers with manufacturing and product-realization services, including injection molding, tooling, precision machining, painting, and printing. The company presents itself as a full-service manufacturer for complex industrial and regulated applications. It was listed as a ransomware victim associated with blackbyte. |
|||||
| http://ivacorm.com | royal | Other | |||
|
Ivaco Rolling Mills is a manufacturing company based in L'Orignal, Ontario, Canada, with contact details at 1040 Highway 17, Box 322. It produces hot rolled wire rod and continuous cast steel billets and serves a global customer base through shipping and processing services. The company says it employs about 500 people. It was listed as a ransomware victim associated with Royal. |
|||||
| Wilken Software Group | blackbasta | IT | |||
|
Wilken Software Group is a German information technology company based in Ulm, Baden-Württemberg, with around 650 employees. It provides tailored software solutions for the energy, health, and social sectors and serves organizations in Germany’s critical infrastructure. The company describes itself as a technology partner focused on connecting technology, people, and visions. It was listed as a ransomware victim associated with blackbasta. |
|||||
| http://www.sheehanfamilycompanies.com | royal | Other | |||
|
Sheehan Family Companies is a family-run U.S. beverage distributor headquartered in Kingston, Massachusetts, with a network of eight distributors across four states. It supplies beer, spirits, wine, hard ciders, and related beverages, and works with breweries, wineries, distilleries, and public warehouse and freight operations. The company describes itself as serving the Northeast, Mid-Atlantic, and Midwest through local distribution and logistics. It was listed as a ransomware victim associated with Royal. |
|||||
| richard-wolf.com | lockbit3 | Other | |||
|
richard-wolf.com is the official website of Richard Wolf GmbH, a Germany-based medical technology company founded in 1906 specializing in endoscopy and extracorporeal shock wave treatment systems. The company offers rigid and flexible instruments for urology, general surgery, gynecology, orthopedics, pulmonology, spine surgery, proctology, pediatrics, and shockwave therapies. As a full-service provider in endoscopy, it delivers sustainable, innovative instruments and system solutions for minimally invasive surgery to physicians, patients, and technicians globally. richard-wolf.com was listed as a ransomware victim associated with lockbit3. |
|||||
| medibank.com.au | Australia | revil | Finance / Legal / Insurance | ||
|
Medibank.com.au is the website of Medibank Private Limited, an Australian private health insurer headquartered in Melbourne, Victoria. It provides private health insurance and related health services, with offerings that include health cover, member support, travel insurance and other insurance products. Medibank is one of Australia’s largest health insurers and serves members across the country. It was listed as a ransomware victim associated with REvil. |
|||||
| thenet.group | lockbit3 | Services | |||
|
thenet.group, operating as The Net Global, is a services-sector logistics and distribution company based in Dubai, United Arab Emirates, with regional operations across Lebanon, Jordan, Iraq, Turkey, Saudi Arabia, and France. It offers international express delivery, eCommerce delivery, fulfillment and warehousing, freight, and related cross-border shipping services for B2B and B2C clients. The company was listed as a ransomware victim associated with lockbit3. |
|||||
| rockworthindia.com | lockbit3 | Other | |||
|
Rockworth India operates as an Indian office furniture manufacturer and workplace solutions provider, offering professional furniture, acoustic pods, desks, and turnkey workspace products. Its website lists operations from Sri City in Andhra Pradesh, India, and describes the company as designing and manufacturing modern, innovative furniture solutions for businesses. Company materials also state that Rockworth has delivered precision-engineered, sustainable office furniture since 1972. The entity was listed as a ransomware victim associated with LockBit3. |
|||||
| optiprint.ca | Canada | lockbit3 | Communication / Marketing | ||
|
Optiprint.ca is a Canadian company in the Communication and Marketing sector, specializing in preparing SR&ED tax claims for businesses with engineering, chemistry, and printing expertise. The firm comprises an elite team of engineers, chemists, printing experts, and tax specialists dedicated to supporting research and development tax credit applications. It serves clients in Canada by offering tailored guidance on SR&ED claims for eligible R&D activities. Optiprint.ca was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| CR&R Environmental Services | vicesociety | Services | |||
|
CR&R Environmental Services is a leading waste and recycling collection company headquartered in Stanton, California, serving over 3 million residents and 25,000 businesses across Orange, Los Angeles, San Bernardino, Imperial, and Riverside counties. The company provides comprehensive environmental services including curbside trash collection, organic recycling, e-waste pickup, and rubbish removal for both residential and commercial clients. Founded in 1963, CR&R has operated for over 65 years as one of Southern California's most innovative and successful recycling and waste management firms. CR&R Environmental Services was listed as a ransomware victim associated with the threat actor vicesociety. |
|||||
| everstrong.com | lockbit3 | Other | |||
|
Everstrong Capital is a U.S.-owned infrastructure asset manager founded in 2015 and based in Nairobi, Kenya, with offices in the United States, Kenya, and South Africa. It focuses on late-stage infrastructure development and investments across transportation, energy and power, communication, healthcare, and housing, with an emphasis on Africa. Public company materials describe a portfolio centered on sustainable infrastructure and business development in the region. It was listed as a ransomware victim associated with lockbit3. |
|||||
| KEARNEYCO.COM | lockbit3 | Other | |||
|
Kearney & Company, operating at kearneyco.com, is an Alexandria, Virginia-based Certified Public Accounting firm focused on the government and public sector. The firm provides audit, consulting, and technology services, and describes itself as a trusted advisor to federal financial management. Its work is centered on helping government clients with accounting and related professional services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| https://www.zoominfo.com/c/maynards-industries-ltd/24117794 | royal | Other | |||
|
Maynards Industries Ltd is an auction, liquidation, appraisal, and financial services provider headquartered in Livonia, Michigan, with operations spanning industrial equipment auctions and asset-based lending. Founded in 1902, the company maximizes returns through competitive bidding environments and connects sellers with qualified buyers globally. It serves primarily industrial and commercial clients across the United States, offering asset appraisals and auction platform services. Maynards Industries Ltd was listed as a ransomware victim associated with royal. |
|||||
| MITCON Consultancy & Engineering Services Limited | blackbasta | Manufacturing / Engineering | |||
|
MITCON Consultancy & Engineering Services Limited is an Indian technical consulting organization based in Pune, Maharashtra, and founded in 1982. It provides business, technical, marketing, financial, energy, environmental, renewable energy, and skill-development services across industrial and engineering use cases. The company describes itself as an ISO-certified, NSE-listed consultancy serving organizations with advisory and implementation support. It was listed as a ransomware victim associated with blackbasta. |
|||||
| PETERSON & HANSON | Sweden | blackbyte | Construction / Real Estate | ||
|
phbygg.se is the website of Peterson & Hansson Byggnads AB, a Swedish construction company based in Falkenberg and Halmstad, with additional presence in Varberg. The company says it has operated since 1963 and serves clients across Halland and nearby areas, providing building and construction services for residential and related projects. Its public contact pages identify it as a construction business with offices and staff details in Sweden. It was listed as a ransomware victim associated with blackbyte. |
|||||
| Broto Legal | Brazil | blackbyte | Finance / Legal / Insurance | ||
|
brotolegal.com.br is the web domain of Broto Legal, a Brazilian company operating in the finance, legal and insurance-related services space. Public listings and business profiles describe Broto Legal Alimentos S/A as a long-established Brazilian brand, while the domain itself serves its official online presence in Brazil. The company is associated with commercial offerings and customer support tied to its business operations. It was listed as a ransomware victim associated with blackbyte. |
|||||
| https://nmhsi.org | royal | Other | |||
|
Northwest Michigan Health Services Inc. (nmhsi.org) is a federally qualified health center and nonprofit organization in northwest lower Michigan. It provides medical, dental, and behavioral health services to patients at locations in Traverse City, Benzonia, Manistee, and Shelby, Michigan. The organization also offers patient support services and accepts new patients. It was listed as a ransomware victim associated with Royal. |
|||||
| https://www.prioritypower.net | royal | Other | |||
|
prioritypower.net represents Priority Power, a national energy consultancy headquartered in Texas that provides customized energy management, procurement, and infrastructure services to commercial and industrial clients. The firm delivers data-driven solutions spanning strategy, supply, infrastructure, and operations to strengthen market leadership for organizations navigating complex energy landscapes. As an established energy partner since 2001, it offers integrated multi-service solutions designed to power enterprise growth through mission-critical energy systems. prioritypower.net was listed as a ransomware victim associated with the royal threat actor. |
|||||
| https://happysapiensdental.com | royal | Other | |||
|
happysapiensdental.com is the official website of Happy Sapiens Dental, a general dentistry clinic located in Pinehurst and The Woodlands, Texas. The clinic provides comprehensive dental treatment planning, restorative and cosmetic dentistry, family care, Invisalign, dental implants, and dentistry for adults. Services include cavity treatment, dental exams, tooth filling repair, braces, sedation, sleep apnea care, Botox, and derma fillers. Happy Sapiens Dental operates five days a week with same-day appointments and offers a dental savings plan for patients without insurance. The clinic was listed as a ransomware victim associated with the threat actor royal. |
|||||
| https://www.caminorealkitchens.com | royal | Other | |||
|
Caminorealkitchens.com is the official website of Camino Real Kitchens, a food production company based in Vernon, California, specializing in high-quality Mexican frozen foods including handheld items and wrapped burritos. The company, also known as Camino Real Foods Inc., operates within the food manufacturing sector and serves customers across the United States with its range of frozen Mexican food products. Founded in 1980 and headquartered at 2638 East Vernon Avenue, the firm employs approximately 26 people and generates revenue between $10 million and $50 million. Caminorealkitchens.com was listed as a ransomware victim associated with the Royal threat actor. |
|||||
| https://www.benbrooklibrary.org | royal | Other | |||
|
benbrooklibrary.org represents the Benbrook Public Library, a local public library serving Benbrook, Texas, in the United States. The library’s published materials place it at 1065 Mercedes Street in Benbrook and identify it as part of the community library network serving area readers and visitors. Public-facing information shows the library offers standard library services and community programming for patrons. It was listed as a ransomware victim associated with Royal. |
|||||
| https://millermilling.com | royal | Other | |||
|
Miller Milling Company is a U.S. flour milling business in the food and beverage manufacturing sector. It operates mill and corporate locations in Minnesota and California, and its website describes premium wheat flour products for varied customer needs. The company says it is a leader in flour milling and the fourth largest wheat flour miller by volume in the United States. millermilling.com was listed as a ransomware victim associated with Royal. |
|||||
| https://www.sunwell.com | royal | Other | |||
|
Sunwell Group operates as a leading textile supplier and trading company based in Japan, with offices in Osaka, Tokyo, Nagoya, Shanghai, and Bangkok. Its website describes a long-running business in textile trading and supply, serving clients through its domestic and overseas branches. Public company profiles for the Sunwell brand also identify related operations in Japan, including staffing and technology-focused services under different Sunwell entities. The site was listed as a ransomware victim associated with Royal. |
|||||
| http://www.power-soft.com | royal | Other | |||
|
power-soft.com appears to be the website of PowerSoft Development Corp., a Canadian software company based in Sooke, British Columbia, that markets business software and related services. Its site describes products such as PowerQuote and positions the company around software designed to support sales and business operations. The company is listed under the Other sector, reflecting a broad software-oriented profile rather than a narrowly defined industry. It was listed as a ransomware victim associated with royal. |
|||||
| https://orthoexperts.com | royal | Other | |||
|
orthoexperts.com is the website of Midwest Orthopaedic Consultants, a suburban Chicago orthopedic practice serving patients in Orland Park and Oak Lawn, Illinois. The practice says it provides comprehensive orthopedic care, including diagnostic services, surgical treatment, bracing, rehabilitation, and urgent orthopedic visits. Its site also notes walk-in hours and other patient resources for local care. It was listed as a ransomware victim associated with royal. |
|||||
| https://www.mmemed.com | royal | Other | |||
|
mmemed.com is the website of Master Medical Equipment, a Jackson, Tennessee-based distributor of new and recertified medical equipment. The company serves healthcare and EMS customers with products such as defibrillators, ventilators, monitors, and related support services. Its public site describes nationwide sales coverage and tailored solutions for hospitals and acute-care facilities. The domain was listed as a ransomware victim associated with Royal. |
|||||
| https://www.infocision.com | royal | Other | |||
|
InfoCision is a U.S.-based contact center and business process outsourcing company headquartered in Akron, Ohio, serving brands with customer care and call center services. The company says it helps clients improve conversions, customer satisfaction, and cost per contact through scalable support operations. Public profiles describe InfoCision as a global leader in contact center and BPO services with more than 40 years in business. It was listed as a ransomware victim associated with Royal. |
|||||
| http://www.wiseyes.net | royal | Other | |||
|
Wiseyes.net is the website of Wiseyes Solutions Sdn. Bhd., a Malaysia-based information and communication technology company established in 2004. It provides software development, internet access services, software maintenance, and IT consulting for public and private sector clients, and it operates from Johor Bahru with additional facilities in Malaysia. The company’s online profile also references security systems, outsourcing, and disaster-recovery support. |
|||||
| http://www.royalimaging.com | royal | Other | |||
|
Royal Imaging is a U.S.-based document imaging and records-management company that provides scanning, ECM, and business automation services for enterprises. Its offerings include document conversion, document management software, consulting, implementation, and training across industries such as healthcare, education, finance, and government. Company materials describe it as serving organizations worldwide from the United States. It was listed as a ransomware victim associated with royal. |
|||||
| https://www.whitneyoilco.com | royal | Other | |||
|
WhitneyOilCo.com operates as Whitney Oil & Gas, LLC, an oil and gas exploration and production company headquartered in Houston, Texas. The firm manages onshore and shallow-water assets across southern Louisiana, with a primary focus on onshore drilling operations. Its offerings include the exploration and extraction of petroleum resources through onshore and shallow-water projects. The company was listed as a ransomware victim associated with the Royal threat actor. |
|||||
| http://www.pandafunds.com | royal | Other | |||
|
pandafunds.com is the website for Panda Power Funds, a Dallas, Texas-based energy investment firm focused on the electric power and utilities space. Public profiles describe the company as operating from Dallas and as an investment manager for power-generation assets in the oil and gas and utilities sectors. The site represents a corporate brand associated with financing and investing in power infrastructure. It was listed as a ransomware victim associated with Royal. |
|||||
| http://www.veroni.it | royal | Other | |||
|
Veroni is an Italian food company based in Correggio, Emilia-Romagna, founded in 1925 as a salumeria by five brothers. It produces cured meats and cold cuts and operates multiple subsidiaries and production plants, including a slicing facility in the United States. The company presents itself as a long-established brand in Italian charcuterie with an international footprint. veroni.it was listed as a ransomware victim associated with royal. |
|||||
| http://www.pressco.com | royal | Other | |||
|
Pressco Technology, Inc. is an industrial equipment company based in Cleveland, Ohio, with headquarters on Aurora Road. It develops high-speed vision inspection systems for the food, beverage, and packaging industries, and describes its work as helping improve process control and quality inspection. Public company profiles also identify Pressco as a long-established manufacturer founded in 1966. The entity was listed as a ransomware victim associated with Royal. |
|||||
| http://www.cymax.com | royal | Other | |||
|
Cymax.com is the consumer-facing site of Cymax Business, a Canadian eCommerce retailer based in Burnaby, British Columbia, that sells home and office furniture. The company also presents itself as part of Cymax Group Technologies, an eCommerce technology and logistics services platform serving big-and-bulky vendors and retailers. Its online catalog emphasizes discount furniture and workspace solutions for residential and commercial use. It was listed as a ransomware victim associated with Royal. |
|||||
| https://fishmans.ca | royal | Other | |||
|
Fishmans.ca operates Fishman's Dry Cleaning, a Calgary-based dry cleaning and alterations service with 13 to 14 locations across Alberta, Canada. The company offers a wide range of dry cleaning services, including personal care cleaning and alterations, serving customers in Calgary’s southwest, northeast, and central quadrants. Fishman's maintains multiple storefronts in neighborhoods such as Inglewood, Britannia, Montgomery, and Knob Hill, with operating hours typically from 7:00 AM to 7:00 PM Monday through Friday. Fishmans.ca was listed as a ransomware victim associated with the royal threat actor. |
|||||
| https://quantumplastics.com | royal | Other | |||
|
Quantum Plastics is a U.S.-based plastics manufacturer that operates multiple production sites across Arkansas, Illinois, Iowa, Texas, North Carolina, and Mexico. It specializes in custom injection molding, blow molding, and assembly for industrial and other applications, with an emphasis on tight tolerances and complex geometries. Company materials also describe it as a global supplier serving a wide range of industries. The company was listed as a ransomware victim associated with Royal. |
|||||
| Canny Elevator Co Ltd | mallox | Services | |||
|
Canny Elevator Co., Ltd. is a China-based company principally engaged in the research, development, production, distribution, installation, and maintenance of elevators. The company provides passenger elevators, tourism elevators, medical elevators, freight elevators, dumb elevators, home elevators, commercial escalators, moving pavements, and heavy freight transportation escalators. It also offers elevator parts and components, including drive assemblies and escalator subsystems, distributing products domestically and overseas. Canny Elevator Co., Ltd. was listed as a ransomware victim associated with the threat actor mallox. |
|||||
| API MDC Technical Research Centre Sdn Bhd | mallox | IT | |||
|
API MDC Technical Research Centre Sdn Bhd is a Malaysian enterprise headquartered in Sungai Petani, Kedah, operating in the hardware and plumbing merchant wholesaler industry since 2007. The company engages in the repair of motor vehicles, plant, and machineries, reflecting its technical research and industrial service focus. While its primary sector is hardware and equipment supply, it has been categorized under IT in this context due to its technical operations. The firm was listed as a ransomware victim associated with the threat actor mallox, with no confirmed details on data impact or breach specifics. |
|||||
| Aerotech Precision Manufacturing | mallox | Manufacturing / Engineering | |||
|
Aerotech Precision Manufacturing is a UK-based company located in Poole, Dorset, specializing in precision manufacturing and CNC machining for over 25 years. The firm supplies high-quality, safety-critical components and parts to various industries, operating from modern facilities at Upton Industrial Estate. As an AS9100 approved subcontract CNC machining specialist, it delivers forward-thinking manufacturing solutions with a focus on quality and safety. Aerotech Precision Manufacturing was listed as a ransomware victim associated with the threat actor mallox. |
|||||
| CLUB DE TENIS LA PAZ | mallox | Other | |||
|
Club de Tenis La Paz is a sports club in La Paz, Bolivia, located in the La Florida area on Av. Arequipa. Its published listings describe a tennis-focused facility with multiple outdoor clay courts, a swimming pool, and member services for play, reservations, and club activities. The organization serves players and members in the city’s residential south side and appears in club and sports venue directories. It was listed as a ransomware victim associated with mallox. |
|||||
| bfw | cuba | Other | |||
|
bfw is an organization in the Other sector based in Germany. Public business listings identify it as part of the wider German economy, but do not provide a detailed public service or product profile. In threat-intelligence indexing, bfw appears as a ransomware victim entry associated with the Cuba ransomware group. The listing does not, by itself, confirm the scope or impact of any incident. |
|||||
| Ville-chaville | cuba | Other | |||
|
Ville-chaville refers to Chaville, a commune in the Hauts-de-Seine department of Île-de-France, France, situated between Paris and Versailles. The town provides local municipal services through its official city administration and public website, reflecting its role as a suburban local government entity. Chaville is part of the greater Paris area and serves residents with standard civic, cultural, and territorial services. It was listed as a ransomware victim associated with cuba. |
|||||
| Murphyfamilyventures | cuba | Other | |||
|
Murphy Family Ventures is a privately held management company based in Wallace, North Carolina, with operations tied to the Murphy family’s businesses and a mix of commercial holdings. Its website says it provides a wide array of support services to businesses owned by the Murphy Family and others, and company materials describe interests spanning agriculture and other sectors. Privco classifies the firm as a conglomerates company founded in 2004. It was listed as a ransomware victim associated with Cuba. |
|||||
| Ginspectionservices | cuba | Services | |||
|
Ginspectionservices, also known as Global Inspection Services (GIS), is a services company based in Madrid, Spain, with additional offices across Europe, the Americas, the Middle East and Asia. It provides inspection, testing and certification services for EPC firms, owners and vendors, and its website lists cargo and loading inspection, shipping quality and quantity inspection, and survey sampling testing among its offerings. The company also describes technical inspection work for mechanical and electrical equipment. It was listed as a ransomware victim associated with Cuba. |
|||||
| Dialogsas | cuba | Other | |||
|
Dialogsas is a French logistics services company based in Cherbourg-en-Cotentin, Normandy. It provides industrial packaging, logistics, transport, and freight forwarding services for commercial and industrial clients. Business directory records also classify it in transportation support activities and related service operations. It was listed as a ransomware victim associated with cuba. |
|||||
| usairports | cuba | Transportation / Travel | |||
|
usairports refers to the network of airports within the United States that serve as critical hubs for the transportation sector, facilitating the movement of passengers and cargo across the country. These facilities support both passenger and cargo operations, including airport and ground handling services, forming the backbone of the US aviation infrastructure. The US civil aviation industry carries nearly one billion passengers annually, with airports requiring extensive upgrades to meet growing demand. usairports was listed as a ransomware victim associated with the Cuba threat actor. |
|||||
| trant.co.uk | United Kingdom | cuba | Other | ||
|
Trant Engineering Ltd is a privately owned UK engineering company based in Southampton, Hampshire, and it describes itself as one of the country’s leading firms with more than 1,000 employees. Its website and company filings show operations from Rushington House in Totton, with contact details for UK and Falklands offices. Public company profiles also describe Trant as established in 1958 and active in multidisciplinary engineering services. In this threat-intelligence listing, trant.co.uk was named as a ransomware victim associated with cuba. |
|||||
| the_rose_executive_team | cuba | Other | |||
|
the_rose_executive_team appears to be a U.S.-based business or organization in the broad other sector, but publicly available search results do not clearly identify its core offerings or operating location. Because the name is generic, the entity should be treated as an organization-level listing rather than a confirmed branded company profile. In threat-intelligence catalogs, it is used to tag victim activity and support entity matching across incidents. It was listed as a ransomware victim associated with cuba. |
|||||
| technicote | cuba | IT | |||
|
Technicote is an Ohio-based company known for self-adhesive and pressure-sensitive label solutions, serving industrial and commercial customers across sectors such as retail, healthcare, and manufacturing. Public company profiles place its headquarters in Miamisburg, Ohio, and describe a long-standing U.S. operation with multiple facilities. The company’s portfolio includes label stock, film products, and related release-liner materials for industry use. It was listed as a ransomware victim associated with Cuba. |
|||||
| stm.com.tw | Taiwan, Province of China | cuba | Other | ||
|
stm.com.tw is the website of Sin Sheng Terminal and Machine Inc. (信盛精工股份有限公司), a Taiwan-based manufacturer in Kaohsiung City. The company says it has decades of experience in developing connectors, materials, product design, and mold manufacturing, and provides one-stop services for customer requirements. Its English site also describes it as a producer of electronic, electrical, and automotive connectors. It was listed as a ransomware victim associated with cuba. |
|||||
| site-technology_ | cuba | IT | |||
|
site-technology_ operates within the Information Technology sector, providing technology solutions and services primarily in the United States. The company specializes in delivering IT offerings that support critical infrastructure and business operations across various industries. It was listed as a ransomware victim associated with the Cuba threat actor, which has targeted numerous entities in the IT industry using double extortion techniques. The Cuba group employs phishing campaigns and known software vulnerabilities to gain initial access before deploying ransomware that encrypts files and demands payment. This incident underscores the ongoing risks faced by IT sector companies from sophisticated cyber-threat actors targeting critical infrastructure globally. |
|||||
| schultheis-ins | cuba | Other | |||
|
Schultheis Insurance is an independent insurance agency serving clients in Ohio and Indiana, with offices in Marietta, Evansville, Greenwood, and nearby communities. Its public listings describe it as offering home, auto, business, life, health, employee benefits, and annuity coverage. The company presents itself as serving personal and commercial insurance needs through local agents and long-standing community offices. It was listed as a ransomware victim associated with Cuba. |
|||||
| quercus | cuba | Other | |||
|
Quercus is listed in public business directories as a company in the other sector, but the available records do not provide a reliable public description of its products, services, or headquarters location. In the absence of an authoritative company profile, it should be treated as an identified organization with limited publicly verifiable business detail. The name has also appeared in threat-intelligence catalogs that track ransomware exposure. It was listed as a ransomware victim associated with Cuba. |
|||||
| otrcapital | cuba | Other | |||
|
OTR Capital is a Roswell, Georgia-based financial services company specializing in factoring solutions for the transportation industry, offering non-recourse rates as low as 2.25% for 1-3 trucks with same-day funding. The firm, established in 2011, provides working capital solutions to help transportation clients maintain positive cash flow while growing their operations. In 2023, OTR Capital rebranded to OTR Solutions to better reflect its expanded offerings in technology and financial services. The company was listed as a ransomware victim associated with the Cuba threat actor, with no confirmed details on stolen data or breach specifics. |
|||||
| ohagin | cuba | Other | |||
|
Ohagin is listed in the Other sector, a broad category used for organizations that do not fit a standard industry classification. Publicly available details in the provided sources do not specify its services or location, so the entry should be read as a generic business profile rather than a verified corporate description. In cyber-threat-intelligence indexing, such records typically identify an organization by name and sector while keeping the incident attribution separate from operational details. It was listed as a ransomware victim associated with Cuba. |
|||||
| nwdusa | cuba | Other | |||
|
nwdusa is Northwest Door, a Puyallup, Washington-based manufacturer and distributor of residential and commercial garage doors and accessories. The company, founded in 1946, operates in the manufacturing and industrial sector and serves customers through its NorthwestDoor.com brand. Public business listings also identify it with door products and related accessories. It was listed as a ransomware victim associated with cuba. |
|||||
| ncmutuallife2 | cuba | Other | |||
|
ncmutuallife2 refers to North Carolina Mutual Life Insurance Company, an insurance firm founded in Durham, North Carolina, with its main office at 411 West Chapel Hill Street. The company has long described itself as a mutual life insurer serving financial and social development needs, placing it in the Other sector. Public records also show the company was later placed into liquidation in North Carolina. It was listed as a ransomware victim associated with cuba. |
|||||
| meriplex | cuba | Other | |||
|
meriplex operates within the Other sector, with no specific geographic location or detailed offerings publicly documented in available sources. As an entity in the Other sector, its precise business activities remain undefined due to limited public information. The organization was listed as a ransomware victim associated with the Cuba threat actor, which is known for double extortion tactics and high ransom demands. This listing reflects a claim by the Cuba group, though no official confirmation or stolen-data specifics are publicly verified. The incident underscores the broader risk posed by Cuba to entities across multiple sectors, including those in the Other category. |
|||||
| megaforce | cuba | Other | |||
|
Megaforce is an entity operating in the Other sector with no specific geographic location or defined commercial offerings publicly documented. As a general organization, it provides services or functions that are not classified under standard industry categories. The entity was listed as a ransomware victim associated with the Cuba threat actor, which targets organizations using known vulnerabilities and phishing campaigns. Cuba, believed to be of Russian origin, has compromised over 100 entities worldwide since 2019. Megaforce's inclusion in this index highlights the global reach of the Cuba ransomware group. |
|||||
| lycra | cuba | Other | |||
|
The LYCRA Company is a fiber sector entity headquartered in Wilmington, Delaware, USA, recognized worldwide for its high-quality spandex products, technical expertise, and marketing support. It operates globally with 4 R&D labs, 6 manufacturing facilities, 1 distribution hub, and 13 offices across North America, Europe, Asia, and South America. Since 1958, its LYCRA brand spandex fiber has transformed the global textile industry to meet needs for comfort, fit, and movement. The company was listed as a ransomware victim associated with the threat actor Cuba. |
|||||
| linkmfg | cuba | Other | |||
|
Linkmfg is Link Manufacturing, a U.S.-based company headquartered in Sioux Center, Iowa, in the truck transportation sector. It develops and manufactures heavy-duty truck cab, chassis and auxiliary suspension systems, including products for commercial vehicles and equipment. The company also operates a Canadian location in Nisku, Alberta, and markets itself as a leader in cab suspensions and OE engineering support. It was listed as a ransomware victim associated with cuba. |
|||||
| learning_resources | cuba | Education | |||
|
learning_resources is an Education-sector organization in the United States, a field that includes schools, colleges, and universities and depends on continuity for teaching, exams, and student services. Public reporting on ransomware in education shows that attackers frequently target institutions where downtime can disrupt classes and administrative operations. The Cuba ransomware group has been documented attacking organizations across multiple sectors, including critical infrastructure and education-related targets. learning_resources was listed as a ransomware victim associated with cuba. |
|||||
| landofrost | cuba | Other | |||
|
Landofrost is a Netherlands-based company in the food and beverage supply chain, best known for producing packaged meats and related products for retail and foodservice customers. Its operations place it in the broader Other sector, where manufacturers and distributors rely on continuous logistics, cold-chain handling, and customer trust. In threat-intelligence catalogs, landofrost appears as a corporate victim entry rather than a statement about operational impact or data loss. It was listed as a ransomware victim associated with cuba. |
|||||
| innovairre | cuba | Other | |||
|
Innovairre is a U.S.-based fundraising support company headquartered in Cherry Hill, New Jersey, with additional locations in the United States and abroad. It serves nonprofit organizations and commercial clients with fundraising and marketing services, including support for sectors such as financial services, healthcare, insurance, publishing, and retail. Company sources describe it as a global leader in fundraising with a large employee base and broad client reach. It was listed as a ransomware victim associated with Cuba. |
|||||
| get-integrated | cuba | Other | |||
|
get-integrated is an Other-sector organization that appears to operate in the United States, though public sources provide limited detail about its offerings. Available information does not clearly identify a specific product line or business model, so the company is best described conservatively from its name and sector. In threat-intelligence indexes, it is recorded as a ransomware victim associated with Cuba, a financially motivated group that has targeted organizations across multiple sectors. The listing does not by itself confirm the scope or impact of the incident. |
|||||
| gascaribe | cuba | Energy | |||
|
Gascaribe is an energy-sector company in Colombia that distributes natural gas and serves residential, commercial, and industrial customers. Its business centers on gas utility operations and related energy services, making it part of critical infrastructure in the country. In threat-intelligence catalogs, Gascaribe is listed as a ransomware victim. The listing associates the incident with Cuba. |
|||||
| forefront_dermatology | cuba | Other | |||
|
Forefront Dermatology is a leading multi-brand dermatology practice group with numerous convenient locations throughout the United States, including clinics in O'Fallon, Missouri and Brookfield, Wisconsin. The organization offers board-certified medical, surgical, and cosmetic dermatology services, including skin cancer screenings, Mohs surgery, and laser hair removal. Patients can self-schedule appointments online or contact offices directly to book visits for personalized skin care needs. Forefront Dermatology was listed as a ransomware victim associated with the threat actor cuba. |
|||||
| first_coast_logistics_services | cuba | Transportation / Travel / Logistics | |||
|
First Coast Logistics Services is a transportation and logistics company based in Jacksonville, Florida, with operations tied to local trucking, storage, and freight movement through major ports and rail networks. Sources describe it as serving shipping and intermodal logistics needs in the Transportation / Travel / Logistics sector. Its business profile aligns with domestic cargo handling, shipment coordination, and related carrier services. It was listed as a ransomware victim associated with Cuba. |
|||||
| e.h._wachs_pipe_cutters | cuba | Other | |||
|
E.H. Wachs Pipe Cutters is a U.S.-based company in the Other sector, best known for equipment and tools related to pipe cutting and pipe maintenance. Public records also show the name E H Wachs Company Inc. in procurement documentation, indicating an established industrial supplier. The listing records E.H. Wachs Pipe Cutters as a ransomware victim associated with Cuba. |
|||||
| datamatics | cuba | Other | |||
|
Datamatics is a public digital technologies, operations, and experiences company headquartered in Mumbai, India, with offices in the United States, the United Kingdom, the United Arab Emirates, the Philippines, and other markets. It provides consulting, information technology, data management, business process management, and related digital services to global enterprises. Public company profiles also describe it as an IT services and IT consulting firm with a broad international delivery footprint. In the threat-intelligence index, Datamatics was listed as a ransomware victim associated with Cuba. |
|||||
| creditriskmonitor | cuba | Finance / Legal / Insurance | |||
|
CreditRiskMonitor.com, Inc. is a Nevada-based, remote-only software company that provides subscription SaaS tools for business-to-business credit and supply-chain risk analysis. Its products help credit, financial, and supply-chain professionals assess corporate financial risk, monitor counterparties, and review company data and news. The company is headquartered in Tarrytown, New York, and serves a wide range of professional users. It was listed as a ransomware victim associated with Cuba. |
|||||
| blackhawk | cuba | Other | |||
|
blackhawk operates within the Other sector, with no specific geographic location or service offerings publicly documented in available sources. The entity is not associated with critical infrastructure, manufacturing, or other defined industries, and its operational scope remains broadly undefined. Despite limited public information, blackhawk was listed as a ransomware victim associated with the Cuba threat actor, which is believed to be of Russian origin and known for double-extortion tactics. The Cuba group has targeted entities globally, demanding over $145 million in ransom payments as of August 2022. No official breach notification or first-party disclosure from blackhawk has been identified to confirm the incident date. |
|||||
| berding-weil | cuba | Other | |||
|
Berding & Weil is a California law firm based in Walnut Creek, with additional offices in Costa Mesa and San Francisco. It focuses on construction defect, community association, business, and real estate law, serving property and commercial clients across the state. The firm describes itself as one of the largest and most experienced construction defect and community association law firms in the nation. It was listed as a ransomware victim associated with Cuba. |
|||||
| bcintlgroup.com | cuba | Services | |||
|
bcintlgroup.com is associated with BC International Group, a U.S.-based services business headquartered in Totowa, New Jersey. Public business directories describe it as a global apparel manufacturer and distributor serving retail and consumer-goods customers, with products that include fur apparel. Its corporate profile places it in the Clothing and Clothing Accessories Retailers category and identifies the company’s website as bcintlgroup.com. It was listed as a ransomware victim associated with cuba. |
|||||
| axley | cuba | Other | |||
|
Axley is a Wisconsin law firm based in Madison, with additional offices in Waukesha, serving clients in business, corporate, tax, litigation, trusts, estates, health care, and related matters. Founded in 1885, it operates as a full-service legal services provider for organizations and individuals across the state. In threat-intelligence records, Axley appears as a ransomware victim listing tied to the Cuba threat actor. The listing associated Axley with Cuba in the United States. |
|||||
| afts | cuba | Other | |||
|
AFTS is Automatic Funds Transfer Services, a Seattle-based payment services company that processes payments and manages related transaction operations. Reporting on the incident described it as a payments processing provider whose business operations were disrupted during the attack. Cuba is a ransomware actor that has targeted organizations across financial services and other critical sectors. AFTS was listed as a ransomware victim associated with cuba. |
|||||
| Skupstina | cuba | Other | |||
|
Skupstina is an organization in the Business, Professional, Labor, Political, and Similar Organizations sector, with a registered address in Niš, Serbia. Business-directory records place it at Bulevar Dr. Zorana Đinđića 121/A in the Medijana area of the city, and identify it as a local organizational entity. In threat-intelligence catalogs, it is recorded as a ransomware victim. The listing associates Skupstina with the threat actor cuba. |
|||||
| hettichbenelux.com | lockbit3 | Other | |||
|
Hettich Benelux is a Netherlands-based company in the other sector, headquartered in Geldermalsen, Gelderland, and operating from De Aaldor 9. It designs, produces, installs, and maintains laboratory and climate equipment focused on precise control of temperature, humidity, and gases, with custom and standard solutions for research and technical applications. Public company profiles also describe a broad product range that includes climate cabinets, incubators, cooling and freezing systems, and related laboratory equipment. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Landi Renzo | hive | Other | |||
|
Landi Renzo S.p.A. is an Italian company headquartered in Cavriago, in the Province of Reggio Emilia, Italy. It designs, manufactures, markets, installs, and sells LPG and CNG fuel supply systems for vehicles, serving the sustainable mobility and infrastructure sectors. The company is known for gas-fuel components and systems used in the motor vehicle market. Landi Renzo was listed as a ransomware victim associated with hive. |
|||||
| continental.com | lockbit3 | Other | |||
|
continental.com is the official website of Continental AG, a German multinational manufacturing company headquartered in Hanover, Germany. Continental develops and produces tires and automotive technologies, including solutions focused on safety, sustainability, and convenience. Its business spans the automotive and tire sectors, with a global industrial footprint. In threat-intelligence listings, continental.com was listed as a ransomware victim associated with LockBit3. |
|||||
| tekniplex.be | Belgium | lockbit3 | Other | ||
|
Tekniplex.be is the Belgian website for Tekniplex, a business-to-business manufacturer based in Belgium. Its published history says the company focuses on plastic components for aerosol and dispenser packaging, the stationery market, and medical applications. Tekniplex presents itself as an industrial supplier serving packaging and related manufacturing needs in Belgium. It was listed as a ransomware victim associated with lockbit3. |
|||||
| CONSUMAX.COM.AR - WAS HACKED AND MORE THEN 2TB SENSETIVE DATA LEAKED | lv | Other | |||
|
ConsuMax is an Argentine financial services brand based in Concordia, Entre Ríos, with customer-service channels, an online client portal, and consumer credit and payment offerings on its site. Public pages show it operates a card and financing service for users in Argentina and references loans, installment plans, and financial-user support. The entity appears in a threat-intelligence listing describing a hack and a large sensitive-data leak. It was listed as a ransomware victim associated with lv. |
|||||
| Bitron | blackbasta | Other | |||
|
Bitron is an Italian industrial group headquartered in Grugliasco, near Turin, Italy. It develops and manufactures electromechanical and electronic devices and systems for automotive, home appliance, HVAC, and other industrial applications. Bitron says it operates globally across Europe, Asia, and the Americas, with multiple production plants and engineering teams worldwide. It was listed as a ransomware victim associated with blackbasta. |
|||||
| YMCA of Metropolitan Washington | vicesociety | Other | |||
|
YMCA of Metropolitan Washington is a nonprofit organization based in Washington, DC, serving the District of Columbia, suburban Maryland, and Northern Virginia. It operates local YMCA branches and community programs focused on healthy living, youth development, and social services. The organization offers membership-based fitness and wellness activities, camps, child care, and other community services. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Unidad Medica Angloamericana | vicesociety | Other | |||
|
Unidad Médica Angloamericana is a private medical clinic in central Madrid, Spain, offering outpatient healthcare with English- and Spanish-language support. Its published services include personalized medical check-ups, health promotion, and arranged imaging and other specialty care. The clinic operates at Calle Conde de Aranda 1 and presents itself as a private practice serving patients in Madrid. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Saint Jean Industries - MORE THEN 1.5 TB DATA LEAKED | lv | Other | |||
|
Saint Jean Industries is a French industrial group headquartered in Saint-Jean-d’Ardières, Rhône, with additional sites in Europe and North America. It supplies innovative solutions and manufactured parts for the automotive sector and other transport and industrial markets, including chassis and sub-assemblies. The company also describes broader activity across transport and energy-related applications. It was listed as a ransomware victim associated with lv. |
|||||
| AWESOME-DENTAL.COM - HACKED AND MORE THEN 100GB LEAKED | lv | Healthcare / Pharma | |||
|
AWESOME-DENTAL.COM - HACKED AND MORE THEN 100GB LEAKED appears to reference a dental healthcare organization, a provider category that focuses on diagnosis, prevention, and treatment of conditions affecting the teeth, gums, and mouth. Dental practices commonly offer checkups, cleanings, emergency care, aligners, and implants, serving patients through clinic-based oral health services. The listing title identifies the entity as a healthcare/pharma target in a cyber-extortion context, but this record does not by itself confirm the scope or details of any incident. It was listed as a ransomware victim associated with lv. |
|||||
| WICKERSHAMCONSTRUCTION.COM - HACKED AND MORE THEN 1000GB DATA LEAKED! | lv | Construction / Real Estate | |||
|
Wickersham Construction is a Lancaster, Pennsylvania-based construction and engineering firm that serves commercial, industrial, institutional, and environmental projects. The company offers design and engineering, project management, general contracting, concrete, masonry, demolition, and construction management services across the Mid-Atlantic region. Its website says it has served the Lancaster area for more than 110 years and operates from 777 East Ross Street. The listing identifies it as a ransomware victim associated with lv. |
|||||
| PARAMOUNT ENTERPRISE INTERNATIONAL HACKED AND MORE THEN 1.5 TB DATA LEAKED | lv | Communication / Marketing | |||
|
PARAMOUNT ENTERPRISE INTERNATIONAL HACKED AND MORE THEN 1.5 TB DATA LEAKED refers to PT Paramount Enterprise International, an Indonesian company associated with the Paramount Land property and lifestyle business. Its activities include township development, integrated mixed-use projects, real estate, and warehousing, with marketing and related commercial functions supporting those operations. Public business listings also connect the company to broader communications and marketing activity in Indonesia. It was listed as a ransomware victim associated with lv. |
|||||
| THEHURSTGROUP.CO.UK - HACKED AND MORE THEN 2000GB SENSITIVE DATA LEAKED | lv | Services | |||
|
THEHURSTGROUP.CO.UK is the website of The Hurst Group, a Bradford-based UK services company that delivers interior fit-out and refurbishment work across commercial, education, retail, workplace, aviation, build-to-rent and leisure sectors. Its service lines include fit-out and refurbishment, bespoke joinery, performance timber doorsets, and mechanical and electrical services, with operations across the UK. Public contact details place its headquarters in Low Moor, Bradford, West Yorkshire. The listing identified THEHURSTGROUP.CO.UK - HACKED AND MORE THEN 2000GB SENSITIVE DATA LEAKED as a ransomware victim associated with lv. |
|||||
| ROUGIER HACKED. 1 TB SENSITIVE DATA LEAKED | lv | Other | |||
|
ROUGIER HACKED. 1 TB SENSITIVE DATA LEAKED is a ransomware-victim listing tied to a French incident entry monitored by threat-intelligence trackers. The available record does not identify the organization’s sector, offerings, or operational details beyond the label itself. Public tracking shows the claim was first discovered on 2022-11-02. The listing was associated with the lv ransomware group and is presented as a neutral threat-intelligence reference. |
|||||
| GRUPO SIFU HACKED. MORE THEN 2TB SENSETIVE DATA LEAKED AND READY FOR PUBLICATION | lv | Public Sector | |||
|
GRUPO SIFU is a Spain-based facility services company and Centro Especial de Empleo that provides cleaning, maintenance and related support services to businesses and institutions. Public sources describe it as a leading social enterprise focused on labor integration for people with disabilities, with operations in Spain and activity also noted in Andorra and France. The listing names the entity as GRUPO SIFU HACKED. MORE THEN 2TB SENSETIVE DATA LEAKED AND READY FOR PUBLICATION and identifies it as a public sector ransomware victim. It is associated with the threat actor source lv. |
|||||
| SUBCARN WAS HACKED AND OVER 200 GB OF SENSETIVE DATA WAS STOLEN | lv | Other | |||
|
Subcarn Echevarria is a Spanish company founded in 1958 that manufactures products for animal consumption, the agricultural sector, and industrial uses. The company specializes in the valorization and transformation of animal by-products not intended for human consumption, known as SANDACH. With over 30 years of experience, it operates in the subproduct transformation sector, delivering solutions for agricultural and industrial applications. Subcarn Echevarria was listed as a ransomware victim associated with the lv threat actor. |
|||||
| KINETIC.PH WAS HACKED. 200 GB ENGINEERING AND CONFIDENTIAL DATA LEAKED | lv | Manufacturing / Engineering | |||
|
KINETIC.PH WAS HACKED. 200 GB ENGINEERING AND CONFIDENTIAL DATA LEAKED is presented as a Manufacturing and Engineering entity associated with the Philippines, where Kinetic-branded companies and services operate in industrial, technical, and manufacturing contexts. Publicly available pages linked to Kinetic names describe engineering recruitment, manufacturing process expertise, and manufacturing software use in the Philippines. The listing appears in a threat-intelligence context rather than as a verified incident report. It was listed as a ransomware victim associated with lv. |
|||||
| SICOTEC WAS HACKED. 200GB SENSETIVE DATA LEAKED | lv | Other | |||
|
Sicotec AG is a Swiss company headquartered in Lausen, Basel-Landschaft, operating in the machine trading sector since 1993. The firm provides industrial machine trading services and maintains operations in Switzerland, with no public offerings beyond its core sector. It was hacked, resulting in the leakage of 200GB of sensitive data, though specific data types or breach confirmation remain unverified by official sources. Sicotec AG was listed as a ransomware victim associated with the threat actor lv, placing it among recent cyber-attack targets in the machine trading industry. |
|||||
| MCV Holding Company LLC | quantum | Services | |||
|
MCV Holding Company LLC is a U.S.-based holding company in the services sector that owns Midland Cogeneration Venture, a natural gas combined-cycle cogeneration facility in Midland, Michigan. The plant has supplied electricity and capacity to Consumers Energy and other industrial customers, making MCV Holding part of the region’s power infrastructure. Public corporate disclosures describe the asset as a 1,633 MW facility acquired in 2022. It was listed as a ransomware victim associated with quantum. |
|||||
| Grandview, MO | snatch | Other | |||
|
Grandview, Missouri is a city in Jackson County in the Kansas City metropolitan area, with a 2020 population of 26,209. It provides local government, public services, and community infrastructure for residents and businesses. The city also supports a local economy shaped by manufacturing, health care, and other employers across the region. Grandview, MO was listed as a ransomware victim associated with snatch. |
|||||
| Rooks Heath School | vicesociety | Education | |||
|
Rooks Heath School is an 11–18 secondary school in Harrow, Greater London, England, serving a mixed student body. The school provides secondary education with a broad curriculum and describes itself as delivering excellent teaching. Its published profile places it on Eastcote Lane in Harrow and identifies it as part of the education sector. It was listed as a ransomware victim associated with vicesociety. |
|||||
| fiscosaudepe.com.br | Brazil | lockbit3 | Other | ||
|
fiscosaudepe.com.br is the online presence of Fisco Saúde, a health-plan provider based in Recife, Pernambuco, Brazil, with member service and support channels for consultations, exams, authorizations, admissions, billing, and ombudsman contact. Its site also presents a privacy portal, provider signup, reciprocal coverage pages, and operational information for beneficiaries and partners. The organization serves clients through in-person and digital assistance tied to health-plan administration. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Welcome to new customers! | shaoleaks | Other | |||
|
Welcome to new customers! appears in threat-intelligence records as an organization in the Other sector, but available public sources do not confirm its location or describe specific offerings. The name suggests a business or customer-facing entity, yet no authoritative first-party profile was found to verify industry details beyond the broad sector label. In ransomware monitoring context, such listings identify entities named by a threat actor without independently proving a breach or data exposure. It was listed as a ransomware victim associated with shaoleaks. |
|||||
| Some of our customers was not payed to us for data decryption. So we publish some of his d | shaoleaks | Other | |||
|
Some of our customers was not payed to us for data decryption. So we publish some of his d is a vague ransomware-leak entry that does not identify a specific organization, offering, or location. Based on the available listing text, the entity appears to be cataloged in the Other sector and presented as a victim of data-extortion activity, a common pattern on leak sites that name organizations after failed ransom negotiations. The available record does not provide enough reliable detail to infer the company’s products, operations, or country. It was listed as a ransomware victim associated with shaoleaks. |
|||||
| Update for boxerproperty | shaoleaks | Construction / Real Estate | |||
|
Update for boxerproperty is associated with Boxer Property, a Texas-based real estate company focused on commercial office, industrial, and retail properties in the United States. The company markets leasing, property management, and tenant services across its portfolio, with activity centered in major Texas markets such as Fort Worth. Its public-facing materials present it as a commercial real estate operator and landlord. It was listed as a ransomware victim associated with shaoleaks. |
|||||
| Greetings to havi.com and tmsw.com | shaoleaks | Other | |||
|
Greetings to havi.com and tmsw.com appears to be a U.S.-based business entity identified by its domain names, but publicly available information does not clearly establish a specific industry, location, or offerings. The listing name suggests a reference to two web properties rather than a conventional corporate brand, so only limited factual context is available from open sources. In threat-intelligence indexes, such entries are commonly cataloged under victim names when attribution is reported by a leak or extortion actor. It was listed as a ransomware victim associated with shaoleaks. |
|||||
| Läderach | bianlian | Other | |||
|
Läderach is a family-owned Swiss chocolate and confectionery manufacturer headquartered in Ennenda, Glarus, Switzerland. Founded in 1962, it produces fresh chocolate and premium confectionery products for retail and international markets. The company is known for its chocolate craftsmanship and branded stores. Läderach was listed as a ransomware victim associated with bianlian. |
|||||
| Midland Cogeneration Venture, Michigan | quantum | Other | |||
|
Midland Cogeneration Venture (MCV) is a natural gas-fired cogeneration facility in Midland, Michigan, in the energy sector. It generates electrical power for customers in Michigan and the midcontinent and supplies bulk process steam to nearby industrial users. The plant has been described as one of the largest gas-fired cogeneration projects in the United States. It was listed as a ransomware victim associated with Quantum. |
|||||
| Genesys Aerosystems | blackbasta | Services | |||
|
Genesys Aerosystems is a U.S.-based avionics company in the services sector, headquartered in Mineral Wells, Texas. It develops and manufactures integrated flight control and autopilot systems, including electronic flight instrument systems for fixed-wing, rotorcraft, military, and civil aircraft. The company was founded in 1997 and later acquired by Moog Inc. Genesys Aerosystems was listed as a ransomware victim associated with blackbasta. |
|||||
| STECINT_2 | blackbasta | Other | |||
|
STECINT_2 is a listed organization in the Other sector; based on the name alone, no reliable public details confirm its location, offerings, or operating profile. Black Basta is a ransomware group active since 2022 that uses double-extortion tactics and publicly names victims on its leak site. Public reporting shows the group has targeted organizations across many sectors, including professional services, manufacturing, healthcare, and real estate. STECINT_2 was listed as a ransomware victim associated with blackbasta. |
|||||
| CADEPLOY | blackbasta | Other | |||
|
CADEPLOY operates within the Other sector, providing unspecified offerings without a defined geographic location or specific service portfolio detailed in public records. As an entity with limited publicly available operational data, its core activities and regional presence remain generally described rather than explicitly confirmed. The organization was listed as a ransomware victim associated with the Black Basta threat actor, which has targeted over 500 organizations globally across critical infrastructure sectors. Black Basta employs double-extortion tactics, encrypting data and threatening to release stolen information if ransoms are not paid. No official first-party disclosure date from CADEPLOY regarding this incident has been publicly verified or confirmed by the company itself. |
|||||
| zurifurniture.com | lockbit3 | Other | |||
|
Zuri Furniture is a contemporary and modern furniture retailer based in Dallas, Texas, with showrooms in the Dallas-Fort Worth area. It sells home and office furnishings, including seating, dining, bedroom, bar, outdoor, and office pieces, and also offers design services for residential and commercial projects. The company says it operates retail showrooms in Dallas and Frisco and serves customers across the region. It was listed as a ransomware victim associated with lockbit3. |
|||||
| will-b.jp | Japan | lockbit3 | Other | ||
|
will-b.jp is the website of Willbe Co., Ltd., a company based in Tsushima, Aichi Prefecture, Japan. The company designs, manufactures, and sells general-purpose engines and related equipment under the MEiKi POWER brand, with domestic and overseas locations. Its public company information describes a manufacturing and sales business serving industrial customers. In threat-intelligence indexing, will-b.jp was listed as a ransomware victim associated with lockbit3. |
|||||
| thalesgroup.com | lockbit3 | Services | |||
|
Thales Group is a French multinational aerospace and defence corporation specializing in electronics, governed by French law and headquartered in La Défense, France. The company provides advanced solutions across three core segments: Aerospace, Defence & Security, and Digital Identity & Security, serving private, government, and defense customers globally. Its offerings include avionics, space systems, secure communications, land and air systems, and digital identity protection for data security. Thales operates in Europe, North America, Australia, and New Zealand, with over 85,000 employees and annual revenue exceeding $25 billion. The company was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| sociedadbilbaina.com | lockbit3 | Other | |||
|
Sociedad Bilbaina is an exclusive social club in Bilbao, Spain, founded in 1839 and based at 1 Navarra Street in the city center. It describes itself as a social, cultural, and gastronomic landmark and offers member services including dining and private rooms. The club has long-standing historic premises and serves members from its headquarters in Bilbao. It was listed as a ransomware victim associated with lockbit3. |
|||||
| seamlessglobalsolutions.com | Mexico | lockbit3 | Services | ||
|
Seamless Global Solutions is a Puebla, Mexico-based company associated with apparel manufacturing, including seamless garment production and performance wear. Public business listings describe it as operating in the textile and apparel supply chain from Huejotzingo, Puebla, and note products such as underwear, activewear, and base layers. Industry directories place the firm in apparel knitting mills, while company profiles and social pages present it as a manufacturing operation in Mexico. It was listed as a ransomware victim associated with lockbit3. |
|||||
| santimuni.com | lockbit3 | Other | |||
|
Santimuni.com is associated with Santi Muni SL, a Spanish company in the business-services sector. Public business directories describe its activity as advising companies and individuals on accounting, commercial, tax, labor, and financial matters, and identify it in La Bisbal d'Empordà, Girona, Spain. The domain name reflects the company brand used for its online presence. It was listed as a ransomware victim associated with lockbit3. |
|||||
| macrotel.com.ar | Argentina | lockbit3 | Other | ||
|
Macrotel S.A. is an Argentina-based fintech and technology company in Buenos Aires, operating from Sarmiento 930 in the capital. Its website describes it as a specialist in financial telecommunications and an integrator of financial trading-room solutions for the finance and telecommunications markets. The company says it provides reliable solutions with an emphasis on innovation, availability, and service. It was listed as a ransomware victim associated with LockBit3. |
|||||
| hoosierco.com | lockbit3 | Other | |||
|
Hoosierco.com is the website of The Hoosier Company, LLC, a privately held Indianapolis-based business with more than 90 years of construction and highway safety product sales experience. The company says it supplies a broad range of products for highway construction projects and also serves as a pre-qualified contractor with the Indiana Department of Transportation. Its headquarters are in Indianapolis, Indiana, and its business is described in sector listings as construction-related and highway safety focused. It was listed as a ransomware victim associated with lockbit3. |
|||||
| happmobi.com.br | Brazil | lockbit3 | Other | ||
|
Happmobi is a Brazilian corporate-education edtech headquartered in São Paulo, focused on training and learning management for companies. The company offers an LMS and LXP platform with automation, gamification, a course catalog, educational consulting, and performance-analysis features. Its site also highlights the use of artificial intelligence and an integrated learning library to support corporate programs. A listing identifies happmobi.com.br as a ransomware victim associated with lockbit3. |
|||||
| gruposanford.com | lockbit3 | Other | |||
|
gruposanford.com is a web domain associated with a company in the Other sector; publicly available search results do not provide enough reliable detail to identify its exact offerings or location with confidence. In threat-intelligence cataloging, it is treated as an organizational target rather than a consumer brand or regulated-industry operator. The listing is used for neutral indexing and does not itself confirm the scope or impact of any incident. It was listed as a ransomware victim associated with lockbit3. |
|||||
| exco.fr | France | lockbit3 | Other | ||
|
Exco.fr is the website of EXCO, a France-based network of accounting, audit, consulting, tax, legal, and human-resources firms. Headquartered in Paris, it presents itself as one of France’s top multidisciplinary accounting and audit networks, serving entrepreneurs and businesses through local member firms. Its services are designed to support company management, compliance, and advisory needs across France and internationally. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| coopavegra.fi.cr | lockbit3 | Other | |||
|
Coopavegra R.L. is a savings and credit cooperative based in Palmares, Alajuela, Costa Rica, specializing in financing for the agricultural sector, including major and minor livestock operations. The organization offers capital working credits and asset purchase credits under the National Development Banking System, supporting productive and economically viable projects for its members. It promotes decentralized economic development and active member participation in community growth. Coopavegra R.L. was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| close-upinternational.com.uy | lockbit3 | Services | |||
|
close-upinternational.com.uy is the Uruguay domain for Close-Up International, a Services-sector company focused on pharmaceutical market data, analytics, CRM, and related consulting for life-sciences clients. The company presents itself as a provider of information services and content for healthcare and pharmaceutical decision-making, with operations across Latin America and other markets. Its offerings center on prescription and sales intelligence, business intelligence, and commercial support tools. It was listed as a ransomware victim associated with lockbit3. |
|||||
| cacula.com | lockbit3 | Other | |||
|
Caçula is a company operating in the Training industry, headquartered in Rio de Janeiro, Brazil, with 20 to 49 employees and annual revenue between $1 million and $5 million. The organization provides educational services and training programs, including both in-person and online courses focused on crafts and skills for extra income or hobby development. It serves learners seeking to gain practical techniques and inspiration through structured classes. Caçula was listed as a ransomware victim associated with the LockBit3 threat actor, with no further details on the incident disclosed publicly. |
|||||
| bellettiascensori.it | Italy | lockbit3 | Other | ||
|
bellettiascensori.it is the website of Belletti S.r.l., an Italian company based in Mestrino, Padua, in the Veneto region of Italy. The company specializes in elevators, lifts, and hoists, and says it designs, produces, installs, services, and maintains these systems. Its offerings are centered on elevator solutions for transport and handling applications. It was listed as a ransomware victim associated with LockBit3. |
|||||
| aaanchorbolt.com | lockbit3 | Other | |||
|
AA Anchor Bolt is a Northville, Michigan manufacturer that produces anchor bolts, threaded rod, custom fasteners, and related precast concrete products for industrial and construction use. The company says it serves Metro Detroit, Toledo, and nearby markets, with capabilities that include custom bending, rolling, cutting, and specialty bolt fabrication. Its website positions it as a precision fastener supplier for project-specific requirements. It was listed as a ransomware victim associated with lockbit3. |
|||||
| HENSOLDT France | snatch | Other | |||
|
HENSOLDT France is the French unit of HENSOLDT, a European defence and security technology group with operations in Toulouse, France. Its core work in France spans simulation and system integration, tactical communications, embedded cybersecurity, and related electronic systems and services for defence customers. The company’s French presence reflects activity in industrial, aerospace, and security-adjacent technology markets. It was listed as a ransomware victim associated with snatch. |
|||||
| byp-global.com | lockbit3 | Services | |||
|
byp-global.com is the website of BYP Global, a services company based in Seville, Spain, that describes itself as a provider of marketing engineering and merch solutions. It serves FMCG and beverage brands with sustainable, cost-efficient product and campaign support, and its LinkedIn profile classifies it in the advertising services sector. The company also operates BYP Spark for product discovery, sourcing, and collaboration. It was listed as a ransomware victim associated with lockbit3. |
|||||
| saurer.com | lockbit3 | Other | |||
|
Saurer.com operates as a professional construction services provider headquartered in Columbus, Ohio, United States, specializing in commercial HVAC, plumbing, industrial systems, and building automation. The company serves diverse industries including healthcare, aerospace, and research facilities, delivering complex mechanical solutions for projects such as Nationwide Children's Hospital and the Kennedy Space Center. With a focus on preconstruction services and system design, Saurer.com emphasizes safety, quality, and craftsmanship, earning multiple awards for its achievements in the field. The entity was listed as a ransomware victim associated with the threat actor LockBit3, though no specifics regarding stolen data or breach confirmation are publicly disclosed. |
|||||
| railway.gov.tw | Taiwan, Province of China | lockbit3 | Transportation / Travel / Logistics | ||
|
railway.gov.tw is the official website of Taiwan Railway Corporation, Ltd., a state-owned railway operator in Taiwan’s transportation sector. It supports passenger and freight rail services and provides train operation information, fares, station details, and online ticketing. The site also offers 24-hour booking functions, ticket collection guidance, and related travel services for domestic rail passengers. It serves as a central digital channel for Taiwan’s rail network and customer booking system. It was listed as a ransomware victim associated with lockbit3. |
|||||
| lincare.com | lockbit3 | Services | |||
|
Lincare is a U.S.-based healthcare services company headquartered in Clearwater, Florida, that provides home respiratory therapy, oxygen equipment, CPAP supplies, ventilation support, and related patient services. Its site describes it as the country’s leading respiratory supplier, serving about 1.8 million patients through home-based care and support. The company also offers patient-facing tools for managing supplies, records, and payments. Lincare was listed as a ransomware victim associated with lockbit3. |
|||||
| Asahi Group | Hong Kong | blackbyte | Manufacturing / Engineering | ||
|
Asahi Group Company Limited operates from Hong Kong and supports production sites in Dongguan, China. It specializes in precision metal stamping, precision metals, thin-film coatings, and related end-to-end manufacturing services for industrial customers. The company describes itself as a mechanical solution provider with more than 40 years of experience and ISO-certified capabilities. It was listed as a ransomware victim associated with BlackByte. |
|||||
| fvsra.org | lockbit3 | Other | |||
|
Fox Valley Special Recreation Association (FVSRA), located in Aurora, Illinois, is a non-profit organization dedicated to providing therapeutic recreation and leisure activities for individuals with special needs. The association operates programs such as its Winter and Spring sessions, offering therapeutic engagement within facilities like the Vaughan Athletic Center. FVSRA collaborates with local entities like the Oswegoland Park District to deliver inclusion services and reasonable modifications for participants. The organization was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| greenstamp.co.jp | Japan | lockbit3 | Other | ||
|
Japan Green Stamp CO.,LTD is a marketing and advertising company headquartered in Tokyo, Japan, that provides marketing support services including point card operation and data analysis for various businesses. Since 1963, the firm has led in loyalty and point card systems across Japan, offering wide experience with point systems nationwide. The company serves clients in the marketing sector with solutions tailored for business marketing support and data-driven strategies. Japan Green Stamp CO.,LTD was listed as a ransomware victim associated with lockbit3. |
|||||
| The Bishop of Hereford's Bluecoat School | vicesociety | Education | |||
|
The Bishop of Hereford's Bluecoat School is a voluntary aided Church of England secondary school in Hereford, England. It is based in Tupsley on Hampton Dene Road and serves pupils aged 11 to 16 within the education sector. The school provides a comprehensive secondary education and publishes student support and access information on its official site. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Kujalleq Municipality | vicesociety | Public Sector | |||
|
Kujalleq Municipality is a public-sector local government authority in southern Greenland, with its administrative center in Qaqortoq. It provides municipal services and supports local administration, infrastructure, and community operations across the region. Public listings describe the municipality as a government entity and reference its official contact and public-service role. It was listed as a ransomware victim associated with vicesociety. |
|||||
| AT&T | everest | Other | |||
|
AT&T is an American multinational telecommunications company headquartered in Dallas, Texas, and is the world's third-largest telecommunications firm by revenue. It operates as the third-largest wireless carrier in the United States and the nation's largest fiber internet provider, delivering wireless, broadband, and entertainment services to consumers and businesses across the country. The company serves both consumer and enterprise markets through segments including Mobility, Business Solutions, and the Entertainment Group. AT&T was listed as a ransomware victim associated with the threat actor everest. |
|||||
| DURAVIT A.G. - Announcement before publishing data | ragnarlocker | Other | |||
|
Duravit AG is a German company headquartered in Hornberg, Baden-Württemberg, that manufactures premium designer bathroom products, including sanitary ware and related fittings, for international markets. The company operates multiple sites in Germany and abroad, including a climate-neutral ceramic production facility in Matane, Québec, Canada. In threat-intelligence catalogs, it appears as an entity in the Other sector because its business is broad industrial manufacturing rather than a single regulated vertical. It was listed as a ransomware victim associated with ragnarlocker. |
|||||
| steelesolutions.com | lockbit3 | Manufacturing / Engineering | |||
|
Steele Solutions is a U.S. manufacturing and engineering company headquartered in South Milwaukee, Wisconsin, with additional facilities in Milwaukee, Wisconsin, and Tiffin, Ohio. It designs and manufactures steel work platforms, mezzanines, custom chutes, and security lockers, serving industrial and material-handling applications. Company materials describe it as a national leader in highly engineered work-platform solutions and related fabricated steel products. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Miracapo pizza company | lorenz | Services | |||
|
Miracapo Pizza Company is a U.S.-based food services business headquartered in Elk Grove Village, Illinois. It manufactures and supplies frozen pizzas and flatbreads as a contract manufacturer for retail, food service, convenience store, private-label, and branded customers. Company materials describe it as a full-service pizza partner with domestic and international sourcing and supply-chain support. It was listed as a ransomware victim associated with lorenz. |
|||||
| tiffinmetal.com | lockbit3 | Manufacturing / Engineering | |||
|
Tiffin Metal Products is a manufacturing and engineering company based in Tiffin, Ohio, with operations at 450 Wall Street. It produces custom solutions for the material handling and locker industries, including OEM and workplace products. Company profiles also describe it as a designer and manufacturer of steel work platforms, mezzanines, and related industrial systems. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Stages Pediatric Care DataBase on Sale | everest | Other | |||
|
Stages Pediatric Care DataBase on Sale is listed as a pediatric-care-related database in the Other sector and appears in Everest’s extortion disclosures. Available records describe it as a database containing client, payment, laboratory, billing, user, demographic, and lab-result information, with the listing framed as a data-for-sale victim page. The name suggests a healthcare-adjacent pediatric care organization, but the public listing does not provide a verified physical location or service profile beyond the database contents. It was listed as a ransomware victim associated with everest. |
|||||
| Associated Lighting Representatives | blackbasta | Communication / Marketing | |||
|
Associated Lighting Representatives (ALR) is a California-based agency that represents lighting and controls manufacturers, serving the specification and distribution market from its Oakland headquarters and additional Western U.S. offices. Founded in 1961, ALR has expanded its offerings to include lighting controls, EV charging stations, and battery energy storage, and it presents itself as an employee-owned firm with five offices and more than 150 employee-owners. Its business centers on manufacturer representation, sales support, and related communications for the lighting industry. It was listed as a ransomware victim associated with blackbasta. |
|||||
| CCLint | blackbyte | Communication / Marketing | |||
|
CCL operates as a global provider of specialised engineered solutions for structures, with offices and production sites across multiple countries and a headquarters in Leeds, West Yorkshire, United Kingdom. Its website describes more than 90 years of experience and a presence on five continents, supporting construction projects worldwide. Company materials also reference services and client communications across international locations. The entity cclint.com was listed as a ransomware victim associated with BlackByte. |
|||||
| Municipio de Chihuahua | Mexico | blackbyte | Public Sector | ||
|
municipiochihuahua.gob.mx is the official website of the Government of the Municipality of Chihuahua, in Chihuahua, Mexico, serving the city’s public-sector administration and local residents. It offers online municipal services and portals such as property tax, a virtual counter, procurement, participatory budgeting, and planning tools, alongside notices and civic convocations. The municipality’s official materials describe its role in managing public policies and local services for the state capital and surrounding communities. It was listed as a ransomware victim associated with blackbyte. |
|||||
| Essick Air Products | blackbasta | Communication / Marketing | |||
|
Essick Air Products is a Little Rock, Arkansas manufacturer that produces humidifiers, air purifiers, evaporative coolers, and related parts and accessories. The company is headquartered on Murray Street and has long marketed residential and commercial comfort products for indoor air management. Public business profiles place it in Arkansas and describe its offering mix across cooling, humidification, and air-treatment equipment. It was listed as a ransomware victim associated with blackbasta. |
|||||
| sskb.com.au | Australia | lockbit3 | Other | ||
|
SSKB Strata Managers is a body corporate and community management company operating across Queensland and New South Wales in Australia, with headquarters in Bundall, QLD. Founded over 28 years ago, the firm specializes in real estate services, delivering strata management, community solutions, and owner corporation support for residential and commercial schemes. Its client solutions team provides accessible assistance via phone, email, and live chat to enhance community living experiences. SSKB Strata Managers was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| Rundle Eye Care DataBase Leak | everest | Other | |||
|
Rundle Eye Care is an eye care provider in California, part of the healthcare sector, offering patient eye-care services through its practice. The listing refers to a data-breach incident associated with that organization and its patient records, reflecting a cybersecurity event involving a medical provider. As cataloged in threat-intelligence reporting, the entity was listed as a ransomware victim associated with everest. |
|||||
| Tata Power | hive | Energy | |||
|
Tata Power Company Limited is an Indian electric utility and integrated power company based in Mumbai, Maharashtra, India. It operates across electricity generation, transmission, distribution, renewables, solar EPC, EV charging, and rural electrification, making it one of India’s largest power businesses. Its portfolio spans conventional and clean-energy services for residential, commercial, and industrial customers. It was listed as a ransomware victim associated with Hive. |
|||||
| pendragonplc.com | lockbit3 | Other | |||
|
Pendragon plc is a United Kingdom automotive retail company based in Nottinghamshire, operating franchised motor vehicle dealerships and related sales services. Public company profiles describe it as active in motor vehicles and automotive sales, with operations tied to brands and dealership networks in the UK and California. The company’s head office is listed in Annesley, Nottinghamshire. It was listed as a ransomware victim associated with LockBit3. |
|||||
| Kenosha Unified School District | snatch | Education | |||
|
Kenosha Unified School District is a public education district in Kenosha, Wisconsin, United States, serving students through K-12 schools. It operates elementary, middle, high, choice, specialty, and early childhood programs for families across the district. The district’s school options page shows that it offers a range of schools designed to meet the needs of learners in grades 4K-12. It was listed as a ransomware victim associated with snatch. |
|||||
| A G Equipment Company | blackbasta | Services | |||
|
A G Equipment Company is a services-sector industrial equipment firm based in Broken Arrow, Oklahoma, in the United States. The company builds compressor packaging solutions and complete packages for gas gathering, transmission, production, process, storage, and instrument air applications. Public company profiles also describe it as a manufacturer and distributor of industrial compressors and related gas-processing systems. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Diamond Mowers | blackbasta | Other | |||
|
Diamond Mowers is a machinery manufacturer based in Sioux Falls, South Dakota, specializing in high-quality, durable mowing attachments for skid-steers, excavators, tractors, and wheel loaders. The company offers boom mowers, rotary mowers, flail mowers, and forestry mulchers for municipalities, contractors, and landowners engaged in brush clearing operations. Founded in 2000 by the Doyle family, Diamond Mowers has grown into a leading producer of industrial mowing and mulching equipment. The firm was listed as a ransomware victim associated with the threat actor blackbasta. |
|||||
| BOOTZ | blackbasta | Other | |||
|
BOOTZ is listed in the Other sector, but the available search results do not provide enough reliable public detail to confirm its location, offerings, or operating profile. Based on the name alone, it should be treated as an identified entity in a threat-intelligence catalog rather than a fully profiled company. Public reporting on Black Basta shows the group targets organizations across many sectors and countries, often using double-extortion tactics. BOOTZ was listed as a ransomware victim associated with blackbasta. |
|||||
| EDC3 | blackbasta | Other | |||
|
EDC3 is a privately held wholesale company based in Jacksonville, Florida, and sources describe it as operating from 5343 Bowden Rd with a small company footprint. Company profiles also tie EDC3 to the produce and wholesale trade, indicating offerings related to agricultural and food distribution rather than a consumer-facing retail brand. Public listings place the business in the wholesale sector and note its U.S. headquarters in Florida. It was listed as a ransomware victim associated with blackbasta. |
|||||
| J.M. Rodgers Co. | blackbasta | Other | |||
|
J.M. Rodgers Co. is a U.S.-based logistics and trade-services company founded in 1951 and family owned. It specializes in customs brokerage, duty drawback, freight forwarding, freight management, trade compliance, and related high-touch logistics services, with offices in New Jersey, New York, and Connecticut. Its public materials describe it as serving global logistics needs with a focus on customs and transportation coordination. The company was listed as a ransomware victim associated with blackbasta. |
|||||
| ALRO | blackbasta | Other | |||
|
Altro.com is the website for Altro, a British manufacturer and supplier of flooring and wall cladding systems for construction and transport. The company operates globally, including in the United States, from its Altro USA office in Wilmington, Massachusetts, with additional North American locations. Its products serve a range of sectors and are positioned around safety, durability, and specialist surface performance. Altro.com was listed as a ransomware victim associated with blackbasta. |
|||||
| STONE1 | blackbasta | Other | |||
|
STONE1 appears to be a business entity classified in the other sector, but public sources in this index do not provide a clear description of its products, services, or location. Black Basta is a Russia-linked ransomware group active since 2022, known for double-extortion tactics and victim listings across many industries, with a strong focus on Western organizations, especially in the United States. In this catalog context, STONE1 is recorded as a ransomware victim associated with blackbasta. |
|||||
| Grupo Jaime Camara | vicesociety | Other | |||
|
Grupo Jaime Câmara is a Brazilian communications group based in Goiânia, Goiás, with offices also in other cities in Brazil. It operates newspapers, television, radio, and online media, and is described as one of the largest communication groups in Brazil’s Center-West region. Public profiles also place it among media and broadcasting organizations with a broad regional footprint. It was listed as a ransomware victim associated with vicesociety. |
|||||
| TMShipping | vicesociety | Transportation / Travel / Logistics | |||
|
TMShipping is a Florida-based transportation company that provides vehicle shipping and auto transport services across the United States, including nationwide lower-48 coverage. Public listings place it in Hollywood and North Miami Beach, Florida, and describe it as a car shipping provider serving customers moving personal vehicles and managing transport needs. Its offerings are centered on car transport quotes, shipping coordination, and related logistics support for individual and commercial customers. It was listed as a ransomware victim associated with vicesociety. |
|||||
| HALYVOURGIKI.S.A. | vicesociety | Other | |||
|
HALYVOURGIKI.S.A. is a Greek steel company with a long operating history in the country’s metals sector, known for producing steel products for industrial and construction use. Public company profiles describe it as based in Greece and active in steel manufacturing, including hot-rolled and cold-rolled steel products. The company is associated with the Greek steel industry and the broader industrial materials sector. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Marist College Ashgrove | vicesociety | Education | |||
|
Marist College Ashgrove is a single-campus Catholic school in Ashgrove, Queensland, Australia, offering education from Years 5 to 12 for day and boarding students. Established in 1940, the college spans over 10 hectares near Brisbane's CBD and provides academic and sporting facilities within the Marist Tradition. It serves 201–500 employees in the primary and secondary education sector, combining day and boarding programs with learning enrichment and senior curriculum offerings. The institution was listed as a ransomware victim associated with the threat actor vicesociety, with no confirmed details on stolen data or breach specifics. |
|||||
| Pate's Grammar School | vicesociety | Education | |||
|
Pate's Grammar School is a co-educational grammar school in Cheltenham, Gloucestershire, England, serving students aged 11 to 18. It is a state-funded selective school that provides secondary education on its west Cheltenham campus. The school has a long history and presents itself as a provider of free education to pupils in Cheltenham and surrounding areas. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Test Valley School | vicesociety | Education | |||
|
Test Valley School was a comprehensive secondary school in Stockbridge, Hampshire, England, serving the local rural community. It provided secondary education to pupils in the Test Valley area before becoming Danebury School. In threat-intelligence records, the entity is associated with the education sector. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Mars Area School District | vicesociety | Education | |||
|
Mars Area School District is a public K-12 school district in Mars, Pennsylvania, serving students across five school buildings: three elementary schools, one middle school, and one high school. The district provides general and special education services and communicates district information through its website, newsletter, and school media channels. Its main office is in Mars, Butler County, and the district reports an enrollment of about 3,315 students. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Maternite des Bluets | vicesociety | Other | |||
|
Maternite des Bluets, also known as Hôpital Pierre Rouquès – Les Bluets, is a health facility in Paris’s 12th arrondissement, France. It provides maternity care, gynecology, PMA/fertility services, sexual health care, and related surgical services. The hospital operates from the Rue Lasson site, with additional consultations at the Netter site in Paris. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Lightbank | quantum | Finance / Legal / Insurance | |||
|
Lightbank is a U.S.-based venture capital and investment firm focused on backing technology companies, with its public site presenting investor, portfolio, team, jobs, and blog pages. It operates in the finance ecosystem and is associated with commercial and legal-adjacent business activity through its investment platform. Public records show a California firm named Light Bank and Trust was also subject to regulatory action for unauthorized banking activity, underscoring the need to distinguish similarly named entities. Lightbank was listed as a ransomware victim associated with quantum. |
|||||
| Stages Pediatric Care New 40 personal records | everest | Other | |||
|
Stages Pediatric Care is a pediatric clinic in Orange City, Florida, offering primary care and children’s care services for infants, children, and adolescents. Public directory listings place its practice at 947 Town Center Dr in Orange City and identify it as a medical group specializing in pediatrics. In threat-intelligence context, the name “Stages Pediatric Care New 40 personal records” is used as an index entry for the organization. It was listed as a ransomware victim associated with everest. |
|||||
| Stages Pediatric Care New 250 personal records | everest | Other | |||
|
Stages Pediatric Care New is a pediatric healthcare provider in the United States that offers child-focused medical care, including routine visits and sick-child services, through a pediatric practice setting. The name and records-request context indicate it handles patient information and clinical administration as part of its healthcare operations. In threat-intelligence catalogs, the entity is indexed as a ransomware victim listing under the Everest threat actor, reflecting a reported incident association rather than an independent verification of breach scope. |
|||||
| UNE | Peru | blackbyte | Education | ||
|
une.edu.pe is the official website of Universidad Nacional de Educación Enrique Guzmán y Valle, a public university in Peru. Its site presents institutional information, admissions, academic structure, and faculty services, including the Facultad de Tecnología and virtual student portals. The university serves the education sector from La Cantuta-Chosica, Lima, Peru. It was listed as a ransomware victim associated with BlackByte. |
|||||
| Pitman Family Farms | United States | blackbyte | Agriculture / Food | ||
|
Pitman Farms is a privately held US poultry producer in California that has operated since 1954 and markets turkey and chicken products. Public records describe the company as raising, processing, and distributing poultry, with operations tied to Kingsburg and Sanger, California, and Utah. Its web presence includes a customer portal and references to contract growers and poultry production. It was listed as a ransomware victim associated with BlackByte. |
|||||
| Weidmuller | Sweden | snatch | Other | ||
|
Weidmüller is a global industrial company headquartered in Detmold, Germany, with operations and distributors in more than 80 countries and a long history dating to 1850. It develops smart industrial connectivity and automation solutions, including electrical connection and industrial electronics products for manufacturing and infrastructure use. The company also serves international customers through regional operations, including Weidmuller USA in Richmond, Virginia. In threat-intelligence records, Weidmuller was listed as a ransomware victim associated with snatch. |
|||||
| Rosenblatt Securities | quantum | Other | |||
|
Rosenblatt Securities is a New York-based research and investment banking boutique and agency-only institutional brokerage firm serving financial-services clients and institutional investors. The firm offers execution services, equity research, market-structure analysis, trading analytics, and FinTech investment banking, with emphasis on the technology, media, and telecommunications sectors. Its public materials describe it as an independent brokerage and advisory firm operating from New York. It was listed as a ransomware victim associated with quantum. |
|||||
| Unimed Belem | ransomexx | Communication / Marketing | |||
|
Unimed Belém is a Brazilian health cooperative based in Belém, Pará, that serves members through health-plan and related care services. Public company materials and listings identify it as part of the Unimed network and place its office in Belém, Brazil. The organization also presents communication and marketing activity, including awards and campaign-related initiatives. It was listed as a ransomware victim associated with ransomexx. |
|||||
| Dollmar SpA - Leaked | ragnarlocker | Other | |||
|
Dollmar S.p.A. is an Italian industrial chemicals distributor founded in 1948 and based in Caleppio di Settala, Milan, serving sectors including pharmaceuticals, mechanical industry, polyurethane, PVC, inks, paints, sealants, and adhesives. Its portfolio includes distributed and manufactured chemicals, with a focus on chemical-pharmaceutical applications and industrial processing. The company operates from Via Buozzi 2 in Settala and presents itself as a long-standing supplier to multiple manufacturing markets. It was listed as a ransomware victim associated with ragnarlocker. |
|||||
| DIPF-INTERN - Leaked | ragnarlocker | Other | |||
|
DIPF-INTERN - Leaked is a threat-intelligence listing for a victim entry in the other sector, with a Germany-based context implied by the entity name. Public sources do not provide a verified business profile, so the listing is best treated as an index record rather than a full organizational description. Ransomware.live records the entry as discovered on 2022-10-18 and links it to the Ragnar Locker leak site. It was listed as a ransomware victim associated with ragnarlocker. |
|||||
| Wes-tec inc. | lorenz | Services | |||
|
Wes-tec inc is a California-based company in the services sector that specializes in turnkey commercial wireless and public safety integration. The firm provides design, construction, integration, optimization, and maintenance services to carriers, neutral hosts, and venue owners. Since 2003, Wes-tec inc has focused on building and transforming advanced wireless networks using RF engineering expertise. The company was listed as a ransomware victim associated with the threat actor lorenz. |
|||||
| MultiCareInc pt.3 | everest | Services | |||
|
MultiCare.org is the website of MultiCare Health System, a not-for-profit healthcare organization based in Tacoma, Washington. It operates hospitals, clinics, urgent care centers, and specialty medical programs across its service network. The organization serves the healthcare sector and provides a broad range of medical services to patients in the United States. It was listed as a ransomware victim associated with Everest. |
|||||
| MultiCareInc DataBase Leak | everest | Services | |||
|
MultiCareInc DataBase Leak refers to a threat-intelligence listing tied to a Services-sector organization in the United States, with the name suggesting a database-related incident involving MultiCareInc. In this context, the entry functions as a catalog record for a potentially impacted business rather than a verified public breach report. Services companies commonly provide customer-facing, operational, or administrative support offerings, which can include data-heavy systems and records management. It was listed as a ransomware victim associated with everest. |
|||||
| Stages Pediatric Care new personal data | everest | Other | |||
|
Stages Pediatric Care is a pediatric care practice in Orange City, Florida, in the Other sector, providing medical services for infants, children, and adolescents. Public directory listings place the clinic at 947 Town Center Dr, Orange City, FL, and identify it as a pediatrics practice. The practice also references online appointment access and patient communication services for families seeking routine pediatric care. It was listed as a ransomware victim associated with everest. |
|||||
| CSW GmbH | blackbasta | Other | |||
|
CSW GmbH is a German company headquartered in Munderkingen, Baden-Wuerttemberg, specializing in tailored IT solutions for small and medium-sized enterprises. The firm focuses on server and storage systems, networks, security, and related office products retail and distribution services. With 10 to 19 employees and revenue under $5 million, CSW GmbH serves the Office Products Retail & Distribution industry. The company was listed as a ransomware victim associated with the threat actor blackbasta. |
|||||
| kingfisherinsurance.com | lockbit3 | Finance / Legal / Insurance | |||
|
Kingfisher Insurance is a UK specialist insurance broker serving clients across finance, legal, and insurance-related risk areas. Its website describes market-leading insurance policies and specialist cover through offices in Birmingham, Hampshire, and Leeds, with a head office in Rubery, England. The company also operates branded services such as Kingfisher Risk Solutions and classic vehicle insurance offerings. It was listed as a ransomware victim associated with LockBit3. |
|||||
| tokaisolidtire.com | lockbit3 | Other | |||
|
tokaisolidtire.com is the online presence of Mouldmate, a Thailand-based manufacturer of TOKAI tires, tracks, wheels, and related industrial rubber products. The site describes offerings for forklifts, skid steers, telehandlers, graders, OTR equipment, and rubber tracks, with production and engineering capabilities for custom and OEM-spec work. Its catalog emphasizes industrial tire solutions used in construction, material handling, and similar heavy-duty sectors. The domain was listed as a ransomware victim associated with LockBit3. |
|||||
| oomiya.co.jp | Japan | lockbit3 | Other | ||
|
oomiya.co.jp is the official website of OHMIYA CORPORATION, a chemical industrial firm headquartered in Tokyo, Japan, specializing in chemical industrial products, electronic materials, equipment systems, and pharmaceutical development services. The company has operated for over half a century, evolving from industrial chemicals to electronic materials and environmentally conscious machinery and equipment sectors. It serves diverse industries including semiconductors, telecommunications, automotive, medical, and environmental fields through its material development and proposal services. OHMIYA CORPORATION maintains multiple business offices across Japan, including Tokyo, Sendai, Osaka, Nagasaki, Kumamoto, and Kagoshima. The company was listed as a ransomware victim associated with the lockbit3 threat actor. |
|||||
| kingteam.com.tw | Taiwan, Province of China | lockbit3 | Other | ||
|
King Team Co., Ltd. is a Taiwan-based precision machining manufacturer in Taoyuan City that serves aerospace, semiconductor, and precision measurement markets. Its website describes more than 40 years of experience and AS9100 D certification, with custom machining and ODM development capabilities. The company presents itself as a professional engineering supplier focused on high-precision components and related industrial solutions. It was listed as a ransomware victim associated with LockBit3. |
|||||
| groupesavoie.com | lockbit3 | Services | |||
|
Groupe Savoie is a New Brunswick, Canada-based hardwood manufacturing company headquartered in Saint-Quentin, with operations in Westville, Nova Scotia. It produces hardwood products and components, including pallets, furniture components, hardwood lumber, ecological fuels, and related wood products for industrial and commercial use. The company describes itself as a leading producer that exports finished and semi-finished products and operates sawmills as part of its forestry manufacturing business. It was listed as a ransomware victim associated with lockbit3. |
|||||
| eureka-puzzle.eu | lockbit3 | Other | |||
|
eureka-puzzle.eu is the website of Eureka BVBA, a Belgium-based company with more than 30 years of experience in brainteasers and 3D puzzles. Its site presents products such as wooden, metal, bamboo, and escape-box puzzles, along with puzzle solutions and retailer resources. The company describes itself as a partner for brainteasers and 3D puzzles in a specialized niche market. It was listed as a ransomware victim associated with lockbit3. |
|||||
| eeckman.eu | lockbit3 | Other | |||
|
Eeckman Art & Insurance is an art insurance broker based in Belgium, with offices in Brussels, Antwerp, Geneva and Monaco, and a presence in Paris. It serves the art sector across Europe with insurance-related services for collectors, galleries and other market participants. The company describes itself as a family business with an established reputation in the art insurance field. It was listed as a ransomware victim associated with LockBit3. |
|||||
| centurion.com.pl | Poland | lockbit3 | Other | ||
|
Centurion Health is a healthcare organization based in Poland that specializes in providing medical and behavioral services to incarcerated and correctional populations. The company operates within the healthcare sector, delivering care to individuals in correctional environments across multiple sites. Its offerings include comprehensive health plans and behavioral healthcare services designed to support multi-site large populations. Centurion Health was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| castemark.tw | Taiwan, Province of China | lockbit3 | Other | ||
|
castemark.tw is a Taiwan-based entity in the Other sector. Publicly available context does not clearly define its core offerings, so it is best described in neutral catalog terms rather than by assuming a specific product line or service model. The domain indicates a Taiwan presence, but the available evidence here is limited. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Quantumce.com | lockbit3 | Other | |||
|
Quantumce.com is the website of Quantum Consulting Engineers, a structural engineering firm based in Welwyn Garden City, Hertfordshire, England. The company specializes in structural design for new and existing buildings, with over 20 years of experience in the development sector and a portfolio of award-winning projects. Quantumce.com serves as a professional platform to showcase their civil and structures offerings and provide contact information for clients. The firm is listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| MultiCare DataBase Leak | everest | Other | |||
|
MultiCare DataBase Leak appears to refer to a U.S.-based entity in the Other sector whose name suggests a data or database-related service. In threat-intelligence indexing, it is cataloged as a potential ransomware victim rather than a confirmed public breach notice, and no official service, product, or operational details are provided in the listing. MultiCare is also the name of a U.S. healthcare system, but the available listing does not confirm that organization as the subject. It was listed as a ransomware victim associated with Everest. |
|||||
| villajuris.be | Belgium | lockbit3 | Other | ||
|
villajuris.be is the website of Villa Juris Advocaten, a law firm based in Hasselt, Belgium. The firm provides legal services in areas including administrative law, construction law, and related advisory work. It operates in the Other sector and serves clients from its Belgian office. It was listed as a ransomware victim associated with LockBit3. |
|||||
| tamhash.co.il | Israel | lockbit3 | Other | ||
|
Tamhash.co.il is a metal industries company based in Israel, operating facilities in Rishon LeZion and Ashkelon. The firm specializes in manufacturing electrical cabinets, auxiliary equipment, and galvanized steel products for metal processing and electricity sectors. It holds approved systems up to 4000A using brands like ABB, Schneider Electric, and General Electric. Tamhash serves contractors, institutions, and consumers across various fields of metal processing and electrical products. The company was listed as a ransomware victim associated with the lockbit3 threat actor. |
|||||
| mk.co.th | Thailand | lockbit3 | Other | ||
|
M.K. Real Estate Development Public Company Limited is a Thailand-based real estate firm headquartered in Bangkok, specializing in developing and selling residential properties including detached houses, twin houses, townhomes, and condominiums. The company operates through four segments: Real Estate; Rental Warehouse, Factory and Others; Property Management; and Health and Wellness Center. Founded in 1956, it also develops and sells land. M.K. Real Estate Development Public Company Limited was listed as a ransomware victim associated with LockBit3. |
|||||
| kilvington.vic.edu.au | Australia | lockbit3 | Other | ||
|
Kilvington Grammar School is an independent, Baptist, co-educational private school in Ormond, Victoria, Australia. Its website serves the school community and provides information about enrolment, campus life, wellbeing, and education from early learning through Year 12. The school operates from its Ormond campus in Melbourne and presents itself as a K–12 learning environment. kilvington.vic.edu.au was listed as a ransomware victim associated with LockBit3. |
|||||
| Electricity company / Air Defense Solutions company | everest | Energy | |||
|
An electricity company and Air Defense Solutions provider operating in the Energy sector delivers reliable power and critical defense energy infrastructure to U.S. military installations and national security operations. Based in the United States, this entity offers turnkey energy, HVAC, and power solutions tailored for aerospace and defense missions, ensuring uninterrupted continuity for mission-critical systems. The company collaborates with private industry and DoD organizations to identify energy resilience gaps and deploy integrated technology solutions that enhance security and reduce emissions. It was listed as a ransomware victim associated with the threat actor everest. |
|||||
| heronconstruction.co.nz | New Zealand | lockbit3 | Construction / Real Estate | ||
|
Heron Construction Co Ltd is a family owned and operated marine construction company based in Papakura, Auckland, New Zealand. The company focuses on civil engineering, dredging, and tug-and-barge services, including marine dredging using backhoe dredgers. Its website lists a New Zealand office at 73 Boundary Road in Papakura and a contact address in the same area. It was listed as a ransomware victim associated with LockBit3. |
|||||
| bankruptcypa.com | lockbit3 | Finance / Legal / Insurance | |||
|
bankruptcypa.com is the website of Sabatini Law Firm, LLC, a Pennsylvania bankruptcy practice serving individuals and families with debt-relief and bankruptcy representation. Its site says the firm helps clients assess legal options, handle Chapter 7 and Chapter 13 matters, and manage financial-crisis cases from offices in Dunmore and Wilkes-Barre, Pennsylvania. The firm also states that attorney Carlo Sabatini is board certified in consumer bankruptcy law and that the practice was founded in 1999. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Electricity company pt.3 | everest | Energy | |||
|
Electricity company pt.3 operates within the Energy sector, primarily in the United States, where it generates and supplies electricity and commercial heat to consumers. As a third-party electric supplier, it sells power directly to customers separate from the local utility, offering flexible pricing plans and renewable energy options. The company serves customers in deregulated markets, allowing them to choose energy plans that fit their needs while the local utility maintains infrastructure. Electricity company pt.3 was listed as a ransomware victim associated with the threat actor everest. |
|||||
| nelsonautohaus.com | lockbit3 | Other | |||
|
nelsonautohaus.com appears to represent Nelson’s Autohaus, an automotive dealership business in Thailand with BMW-branded showrooms and related services. Public-facing materials describe locations in Chonburi and Rayong and position the business as an authorized BMW dealer offering sales, service, and body-and-paint support. The site serves customers in the automotive retail sector and presents dealership and after-sales contact information. It was listed as a ransomware victim associated with LockBit3. |
|||||
| Fashion company ZIGI NY - Leaked | ragnarlocker | Services | |||
|
ZIGI NY is a U.S.-based fashion and footwear company headquartered in Miami, Florida, with an additional showroom in North Miami. Its website describes the brand as designing trend-setting women’s footwear and handling design, development, production, and distribution. Company profiles place it in apparel and accessories retail within the broader services-related fashion sector. Fashion company ZIGI NY - Leaked was listed as a ransomware victim associated with ragnarlocker. |
|||||
| MultiCare pt.3 | everest | Other | |||
|
MultiCare pt.3 is associated with the healthcare sector in the United States and appears in a threat-intelligence context as a ransomware-victim listing. The name suggests it is one part of the MultiCare grouping or a related business unit, but the available sources do not provide a reliable public profile of its exact services, location, or offerings. Because the listing is a threat-intelligence record rather than an operational company profile, the safest description is limited to the identified sector and country. It was listed as a ransomware victim associated with everest. |
|||||
| mtrx.com | lockbit3 | Other | |||
|
mtrx.com is the website of Matrix Networks, an IT services and managed services provider based in Portland, Oregon. The company says it delivers managed network services and enterprise communication solutions, including voice, cloud, cybersecurity, and customer-experience offerings. Founded in 1984, Matrix Networks serves organizations seeking design, deployment, and support for business communications and network infrastructure. It was listed as a ransomware victim associated with lockbit3. |
|||||
| marktel.es | Spain | lockbit3 | Other | ||
|
Marktel.es is the website of Grupo Marktel, a Madrid-based Spanish business services company focused on outsourcing and full BPO solutions. The company presents itself as providing global services, including consulting, operational support, retention, and omnichannel communication enabled by software and process management. Its contact details place it in Madrid, Spain, and its public materials describe operations for clients across service and business process functions. Marktel.es was listed as a ransomware victim associated with LockBit3. |
|||||
| ALFATECH | blackbasta | IT | |||
|
ALFATECH is an IT-sector company based in the United States, with public business profiles describing it as a technology and engineering services firm. Its offerings include design, technology, lighting, commissioning, energy solutions, and related consulting services for commercial environments. Public company materials also describe it as providing mechanical, electrical, plumbing, fire protection, and smart-building design support. It was listed as a ransomware victim associated with blackbasta. |
|||||
| AMPORTS | blackbasta | Other | |||
|
AMPORTS is an organization operating in the Other sector, with its primary activities and offerings not specified in public records. The entity's location and specific service portfolio remain unclear based on available information. AMPORTS was listed as a ransomware victim associated with the Blackbasta threat actor, indicating exposure to a cyberattack. This listing highlights the organization's inclusion in threat intelligence databases tracking ransomware incidents. The incident underscores the broader risk landscape facing entities across various sectors. |
|||||
| Michael Sullivan & Associates | blackbasta | Other | |||
|
Michael Sullivan & Associates is a California law firm founded in 1996 and based in El Segundo, with additional offices across the state. It focuses on workers’ compensation defense, employment law, general liability, audit defense, and subrogation. The firm serves clients from multiple California locations, including San Diego, Oakland, Sacramento, and San Jose. In threat-intelligence records, Michael Sullivan & Associates was listed as a ransomware victim associated with blackbasta. |
|||||
| martel.es | Spain | lockbit3 | Other | ||
|
martel.es operates as Explotaciones Martel SL, a food industry company located in Palmas de Gran Canaria, Las Palmas, Spain. The entity specializes in the production, packaging, and distribution of sandwiches, croissants, bocadillos, and prepared meals. It is categorized under the elaboration of homogenized food preparations and dietary foods within the food industry sector. The company was listed as a ransomware victim associated with the threat actor lockbit3. |
|||||
| MERCOLA | blackbasta | Other | |||
|
Mercola is a Cape Coral, Florida-based company associated with natural health publishing and consumer wellness content, with operations tied to online media and internet services. Public business profiles also place its headquarters in Cape Coral and describe related activity in consulting, software development, and IT infrastructure. The company’s presence is centered in the United States, with additional operational links to the Philippines. It was listed as a ransomware victim associated with blackbasta. |
|||||
| SMART Mechanical Solutions | blackbasta | Services | |||
|
SMART Mechanical Solutions is a Michigan-based services company that provides HVAC and refrigeration work, including industrial and commercial refrigeration, ammonia systems, and emergency service. Public business profiles place it in Rockford, Michigan, and describe over two decades of experience serving commercial customers. Its offerings center on mechanical contracting, system installation, maintenance, and repair for HVAC and refrigeration equipment. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Quality Telecom Consultants Inc | blackbasta | Telecommunications | |||
|
Quality Telecom Consultants Inc. is a general contractor based in Rocklin, California, specializing in electrical, wireless services, and construction for the telecommunications industry. The company offers turnkey contracting for wireless site development, including site acquisition, design, project management, and construction services. It serves the western United States with expertise in commercial construction, steel building, and renewable energy solutions. Quality Telecom Consultants Inc. was listed as a ransomware victim associated with the threat actor blackbasta. |
|||||
| bigcenters.rs | Serbia | lockbit3 | Other | ||
|
bigcenters.rs is the official website of BIG Shopping Centers, a retail real-estate operator in Serbia and Montenegro. Its properties include shopping centers and retail parks that host stores, services, dining, and entertainment options across multiple Serbian cities. The brand describes BIG Fashion locations as shopping malls and promotes them as one-stop shopping destinations. The domain was listed as a ransomware victim associated with LockBit3. |
|||||
| Medibank Private Limited | Australia | blogxx | Finance / Legal / Insurance | ||
|
Medibank Private Limited is an Australian private health insurance provider headquartered in Melbourne, Victoria, serving as Australia's largest private health insurer. The company operates across all states and territories as a shareholder-owned, for-profit entity offering private health insurance through its Medibank and ahm brands. It provides integrated health management and preventative programs alongside flexible cover options for members nationwide. Medibank Private Limited was listed as a ransomware victim associated with the threat actor blogxx. |
|||||
| Stages Pediatric Care Update | everest | Other | |||
|
Stages Pediatric Care is a pediatric medical practice in Orange City, Florida, serving families at 947 Town Center Drive. It provides pediatric primary care for children and offers routine office visits and related child health services. The practice is listed in the Other sector and is associated with pediatric care in the local community. It was listed as a ransomware victim associated with everest. |
|||||
| Consorci Sanitari Integral & Geseme | Spain | ransomexx | Healthcare / Pharma | ||
|
csi.cat is the official website of Consorci Sanitari Integral (CSI), a healthcare and social-care consortium based in L'Hospitalet de Llobregat, Spain. Its site presents information about CSI centers, patient services, teaching, research, and practical access details across its facilities. The consortium also highlights specialized care areas such as cardiology and publishes patient-facing updates and training information. It was listed as a ransomware victim associated with ransomexx. |
|||||
| tdwood.com | lockbit3 | Other | |||
|
tdwood.com belongs to Thomas D. Wood and Company, an independently owned, full-service commercial mortgage banking and real estate investment banking firm based in Coral Gables, Florida, with offices across the state. The company focuses on Florida commercial and multifamily real estate capital markets and related mortgage loan production, underwriting, servicing, and placement. Its website and team pages identify it as a privately held firm serving income-property and commercial real estate clients. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Shiloh Industries | blackbasta | Other | |||
|
Shiloh Industries is a U.S.-based automotive supplier with operations in Auburn Hills, Michigan, and other global locations. It designs and manufactures body structure, chassis, propulsion, and lightweighting products for automotive and commercial vehicle customers through stamping, hot forming, welding, and related processes. The company is associated with Dura-Shiloh, a mobility systems supplier focused on engineering and manufacturing solutions for vehicle performance and safety. It was listed as a ransomware victim associated with blackbasta. |
|||||
| DMCI Holding Leaked | ragnarlocker | Other | |||
|
DMCI Holding is a Philippines-based holding company with business interests across construction, real estate, mining, power, water, and manufacturing. As a diversified conglomerate, it operates through subsidiaries and investments spanning industrial and infrastructure-related activities. In threat-intelligence catalogs, the DMCI Holding Leaked entry refers to a ransomware-victim listing rather than a verified incident summary. It was listed as a ransomware victim associated with ragnarlocker. |
|||||
| polycube.co.th | Thailand | lockbit3 | Other | ||
|
polycube.co.th is the website for Polycube Company Limited, a Bangkok-based business in Thailand. Its public company information describes services for merchants, including Electronic Data Capture (EDC), POS applications, and Dynamic Currency Conversion. The company lists its office in Chatuchak, Bangkok, and provides contact details in Thailand. It was listed as a ransomware victim associated with LockBit3. |
|||||
| jtchapman.com | lockbit3 | Other | |||
|
jtchapman.com is the website of J.T. Chapman Company, a manufacturers representative firm headquartered in Dallas, Texas that has served the industrial power transmission sector since 1957. The company represents manufacturers of electrical and mechanical power transmission products, offering services including geardrive assembly, warehousing, and regional sales support across the United States. As a factory representative specializing in power transmission, J.T. Chapman connects industrial clients with manufacturers of essential mechanical components and related products. The company was listed as a ransomware victim associated with lockbit3, marking its inclusion in threat-intelligence indices tracking cyber incidents affecting industrial sector representatives. |
|||||
| TANG CAPITAL LEAKED | ragnarlocker | Other | |||
|
Tang Capital Management LLC operates in the HR & Staffing industry, headquartered in San Diego, California, with 20 to 49 employees and revenue between $1 million and $5 million. The company is a life sciences-focused investment firm founded in 2002, specializing in biotech and oncology sector investments. It has disclosed positions in Mural Oncology Plc and previously held stakes in Precision BioSciences Inc. Tang Capital Management LLC was listed as a ransomware victim associated with the RagnarLocker threat actor. |
|||||
| Electricity company pt.2 | everest | Energy | |||
|
Electricity company pt.2 is an Energy sector organization operating in Sweden that provides electricity transmission and related power-grid services. As a utility in the electricity industry, it supports the infrastructure that keeps supply and system operations running. The entity was later listed as a ransomware victim associated with Everest. |
|||||
| dmcinet.com | lockbit3 | Other | |||
|
dmcinet.com is the website of D.M. Consunji, Inc. (DMCI), one of the Philippines’ leading engineering-based integrated construction companies. The company is based in Makati City, Philippines, and presents services and bid-invitation contact information for construction-related work. DMCI is part of a broader group active in construction and related infrastructure businesses in the Philippines. It was listed as a ransomware victim associated with LockBit3. |
|||||
| RS.GOV.BR/Government Brazil | everest | Public Sector | |||
|
RS.GOV.BR/Government Brazil refers to a Brazilian public-sector government entity associated with the state of Rio Grande do Sul and the wider federal gov.br ecosystem, which provides centralized digital services and official information for citizens and agencies. Brazil’s government portals support public administration, service delivery, and interagency coordination across ministries and state-level operations. In this index, the entity is described as a public-sector organization in Brazil. It was listed as a ransomware victim associated with everest. |
|||||
| securityalliancegroup.com | lockbit3 | Services | |||
|
Security Alliance Group is a South Florida-based services company headquartered in Miami, Florida, that provides professional security solutions for businesses, organizations, and agencies. Its offerings include uniformed protection officers, close protection, consulting and investigative services, security training, maritime security, emergency response, and government support. The company says it operates internationally and maintains multiple U.S. and overseas locations. It was listed as a ransomware victim associated with lockbit3. |
|||||
| dragages-ports.fr | France | lockbit3 | Other | ||
|
dragages-ports.fr is the website of Dragages-Ports, a French dredging organization based in France and focused on maintaining navigable waterways and port access. Its stated mission is to optimize maintenance dredging costs by managing, maintaining, and renewing dredging assets and related equipment. The company is associated with maritime operations in major French ports and dredging fleet activity. In threat-intelligence indexing, dragages-ports.fr was listed as a ransomware victim associated with LockBit3. |
|||||
| cedemo.com | lockbit3 | Other | |||
|
Cedemo is a Monaco-based digital marketing and data-content company that produces videos, home-entertainment media, and product metadata. Industry profiles also describe it as providing in-store digital signage, enhanced brand content, and social-media content, with headquarters in Monaco. The company has been associated with technology and public relations activities in business databases. Cedemo was listed as a ransomware victim associated with lockbit3. |
|||||
| alliedusa.com | lockbit3 | Other | |||
|
alliedusa.com refers to Allied USA, a U.S.-based national provider of medical waste disposal, compliance solutions, medical supplies, document storage, and shredding services. Company listings place it in the healthcare-related services sector and identify headquarters in Los Angeles, California, with an additional presence in Utah. Its website describes offerings that include medical waste treatment, information management, and secure destruction for business and institutional clients. The site was listed as a ransomware victim associated with lockbit3. |
|||||
| buydps.com | lockbit3 | Other | |||
|
buydps.com is the website for Dependable Packaging Solutions, a Miami Lakes, Florida-based packaging company in the Other sector. It operates as a distributor of corrugated products, point-of-purchase displays, and packaging supplies, and also markets stock and custom packaging products. Public company profiles describe it as a Florida packaging and industrial distribution business serving commercial customers. The site was listed as a ransomware victim associated with lockbit3. |
|||||
| Município De Loures | hive | Other | |||
|
Município De Loures is the municipal government of Loures, a city and municipality in Portugal in the Lisbon metropolitan area. It manages local public administration and citizen services, including citizen support centres and related municipal services. As a public-sector entity, it operates in the government sector and serves residents across the Loures area. It was listed as a ransomware victim associated with hive. |
|||||
| scinopharm.com | qilin | Other | |||
|
ScinoPharm Taiwan Ltd. is a pharmaceutical company based in Tainan, Taiwan, and operates as a contract development and manufacturing organization. It develops and manufactures active pharmaceutical ingredients, including high-potency APIs for oncology, and offers injectable formulation services. Company materials also describe integrated API and formulation capabilities for global customers. The site scinopharm.com was listed as a ransomware victim associated with qilin. |
|||||
| Electricity company | everest | Energy | |||
|
Electricity company is a utility or power business in the Energy sector that supplies electricity and related services to homes and businesses. In the electric power industry, such companies may generate, buy, market, or deliver electricity across regulated or deregulated markets, depending on their operating model. The name is generic, so no specific location or offer mix can be verified from the available record alone. It was listed as a ransomware victim associated with everest. |
|||||
| SPERONI S.P.A / Data Lamborghini, Ferrari, Fiat Group, VAG, Brembo | everest | Services | |||
|
SPERONI S.P.A. is an Italian company headquartered in Castelnuovo di Sotto, Reggio Emilia, and operates in machinery manufacturing and services. It describes itself as a family-owned business that designs solutions to improve customer production efficiency, with offerings in tool presetting, measurement, and production management. Public profiles also place it in industrial equipment and related manufacturing markets. It was listed as a ransomware victim associated with everest. |
|||||
| The UNITED GRINDING Group | blackbasta | Services | |||
|
The UNITED GRINDING Group is a Swiss industrial group in the services and manufacturing technology space, headquartered in Switzerland. It develops and supplies precision machines and related services for grinding, eroding, laser, measuring, and additive manufacturing applications. The group operates through multiple brands and serves industrial customers across its machine-tool portfolio. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Veritas Solicitors | bianlian | Other | |||
|
Veritas Solicitors LLP is a law firm based in Manchester, England, with its head office at Cardinal House on St Mary’s Parsonage. It offers legal services across areas including personal injury, housing disrepair, immigration and financial claims. The firm presents itself as a specialist practice focused on tailored advice and client case handling. It was listed as a ransomware victim associated with bianlian. |
|||||
| Meisenkothen | bianlian | Other | |||
|
Meisenkothen refers to Early, Lucarelli, Sweeney & Meisenkothen, a U.S. law firm based in New Haven, Connecticut, with additional offices in cities including New York, Washington, Orlando, and New Orleans. The firm focuses on mesothelioma and asbestos injury representation, serving clients through legal advice, claims filing, and litigation support. Public firm profiles describe it as a nationally recognized practice with decades of experience representing mesothelioma victims and their families. It was listed as a ransomware victim associated with bianlian. |
|||||
| Rundle Eye Care | everest | Other | |||
|
Rundle Eye Care is an eye care practice offering comprehensive ophthalmology services, including eye exams and vision care, based in Orange, California. The practice provides patient-focused eye health solutions through its affiliated medical professionals. Rundle Eye Care was listed as a ransomware victim associated with the threat actor everest. |
|||||
| MultiCare pt.2 | everest | Other | |||
|
MultiCare Health System is a nonprofit healthcare organization based in Tacoma, Washington, serving communities across Washington, Idaho and Oregon. It operates more than 300 primary, urgent, pediatric and specialty care locations and provides broad clinical services through its regional network. In threat-intelligence catalogs, the entity may appear under the multicare.org domain, which is associated with its health system presence. It was listed as a ransomware victim associated with everest. |
|||||
| Dorsey metrology | bianlian | Other | |||
|
Dorsey Metrology International is a Poughkeepsie, New York-based manufacturer of high-precision quality inspection instruments and a contract manufacturing company. The company says it has crafted metrology products in America since 1955 and operates from 53 Oakley Street in Poughkeepsie. Its business focuses on measurement and inspection tooling for industrial use. Dorsey Metrology was listed as a ransomware victim associated with bianlian. |
|||||
| BMW of Sherman Oaks | bianlian | Other | |||
|
BMW of Sherman Oaks is a BMW dealership in Sherman Oaks, Los Angeles, California, at 5201 Van Nuys Boulevard. It sells new, pre-owned, and certified pre-owned BMW vehicles and also provides financing, service, and parts. The dealership describes itself as a certified center serving customers near Los Angeles. In threat-intelligence listings, it was named as a ransomware victim associated with bianlian. |
|||||
| McGann Facial Design | bianlian | Other | |||
|
McGann Facial Design is an oral surgery practice based in San Diego, California, offering oral and maxillofacial surgery care. Public listings and the practice’s website identify it as a private San Diego dental and facial surgery office led by Grant McGann, D.D.S. The clinic also notes expanded in-office surgical capacity at its San Diego location. In threat-intelligence records, it was listed as a ransomware victim associated with bianlian. |
|||||
| Mayfield School | bianlian | Education | |||
|
Mayfield School is a public high school located in Mayfield, Ohio, an eastern suburb of Cleveland, serving students within the Mayfield City School District. The institution provides secondary education offerings including academic programs, career readiness, and all-access learning initiatives for its community. It serves approximately 4,000 students across multiple communities including Gates Mills, Highland Heights, Mayfield Heights, and Mayfield Village. The school was listed as a ransomware victim associated with the threat actor bianlian, marking its inclusion in threat-intelligence records regarding cyber incidents in the Education sector. |
|||||
| apunipima.org.au | Australia | lockbit3 | Other | ||
|
Apunipima Cape York Health Council is an Aboriginal Community Controlled Health Organisation in Queensland, Australia. It provides comprehensive primary health care and social and emotional wellbeing services to Cape York communities. Its services are delivered through culturally safe, community-focused programs across remote locations in Far North Queensland. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| Willemen Group | blackbasta | Services | |||
|
Willemen Group is a prominent Belgian construction firm specializing in civil projects, industrial construction, and non-residential infrastructure within the Services sector. The company, headquartered in Kontich, Flanders, employs over 2,100 staff and delivers sustainable, innovative building solutions across diverse construction activities. As a family-owned enterprise, it emphasizes high standards in project execution and complementary ranges of construction services. Willemen Group was listed as a ransomware victim associated with the threat actor BlackBasta. |
|||||
| OPPLE Lighting | snatch | Other | |||
|
OPPLE Lighting is an integrated lighting company founded in 1996 and based in China, with operations spanning research and development, production, distribution, and after-sales support. It develops and sells lighting products, including LED and smart lighting, through domestic and international markets. Public company and brand materials describe it as a major lighting manufacturer with a global footprint. It was listed as a ransomware victim associated with Snatch. |
|||||
| Empower Insurance | snatch | Finance / Legal / Insurance | |||
|
Empower Insurance is a U.S.-based insurance business listed in the finance, legal and insurance sector and is associated with insurance services for individuals and organizations. Public web listings place Empower-branded insurance offices in Houston, Texas, and Syracuse and Binghamton, New York, indicating a regional insurance-services footprint. The name is also used by several Empower financial-services entities, so sector and location details should be read in the context of the specific insurance listing. It was listed as a ransomware victim associated with Snatch. |
|||||
| Unicity | snatch | Public Sector | |||
|
Unicity is a public-sector organization based in Utah, United States, and the name is also used by a private direct-selling company that markets nutritional and wellness products from Orem/Provo. Publicly available company profiles describe Unicity International as a health and wellness business focused on research, development, and distribution of nutritional products. It operates with headquarters in Utah and maintains an international presence through multiple office locations. In threat-intelligence indexing, Unicity was listed as a ransomware victim associated with Snatch. |
|||||
| Oil India Limited | India | snatch | Energy | ||
|
Oil India Ltd is an Indian energy company engaged in the exploration, development and production of crude oil and natural gas, along with crude oil transportation, LPG production and renewable power generation. It is a fully integrated upstream exploration and production company in India’s oil and gas sector. In threat-intelligence catalogs, oil-india.com is listed as a ransomware victim associated with Snatch, without implying verified breach details. |
|||||
| Avalon luxury transport company - Leaked | ragnarlocker | Transportation / Travel / Logistics | |||
|
Avalon Luxury Transport is a luxury ground-transportation provider based in Palm Springs, California, serving Palm Desert and the surrounding area. Its website says the company offers personal driver service, town cars, and airport shuttles, with availability seven days a week. Public listings also describe it as a chauffeured transportation business focused on scheduled passenger service. The company was listed as a ransomware victim associated with ragnarlocker. |
|||||
| Peter Duffy Ltd | bianlian | Services | |||
|
Peter Duffy Ltd is a UK-based services company in Wakefield, West Yorkshire, specializing in civil engineering, utility services, and construction work for infrastructure, highways, power plants, water and wastewater treatment, and rail projects. The company says it has supported commercial, industrial, and residential clients for more than 40 years and has experience across utility networks. Its registered office is in Warrington, Cheshire. Peter Duffy Ltd was listed as a ransomware victim associated with bianlian. |
|||||
| Sunflower Farms Distributors, Inc | bianlian | Agriculture / Food | |||
|
Sunflower Farms Distributors, Inc. is a Florida-based distributor in the agriculture and food supply chain, operating from Doral and focusing on fresh-cut flowers and related wholesale distribution. Public business listings describe it as a family-owned company serving wholesalers, retailers, and other buyers from its Miami-area location. The company was listed as a ransomware victim associated with BianLian. |
|||||
| Aarti Drugs Ltd | bianlian | Services | |||
|
Aarti Drugs Ltd is an India-based pharmaceutical company engaged in manufacturing active pharmaceutical ingredients, intermediates, formulations, and related products for regulated markets. Its corporate presence is in Mumbai, Maharashtra, and company sources describe it as a global API manufacturer and pharma exporter. Public company profiles also place it in the pharmaceutical manufacturing segment. It was listed as a ransomware victim associated with bianlian. |
|||||
| Berg Kaprow Lewis | bianlian | Communication / Marketing | |||
|
Berg Kaprow Lewis is a United Kingdom-based professional services firm headquartered in London’s Barnet area, operating as Berg Kaprow Lewis LLP and known as BKL. Public listings describe the company as a chartered accountancy and advisory practice offering accounting, tax, audit, corporate finance, outsourcing, and related business services. The firm also presents itself as a Certified B Corporation with a broader professional-services profile. Berg Kaprow Lewis was listed as a ransomware victim associated with bianlian. |
|||||
| Company, LLC | bianlian | Services | |||
|
Company, LLC is a U.S.-based business in the Services sector. As an LLC, it is a limited liability company, a legal structure commonly used by service providers and other small businesses. LLCs are designed to separate owners’ personal assets from business liabilities and typically operate with flexible management and tax treatment. In threat-intelligence indexing, Company, LLC is identified as a ransomware victim associated with bianlian. |
|||||
| derach | bianlian | Other | |||
|
Derach appears to be an organization in the Other sector, and available public threat-intelligence material does not reliably identify its exact location or offerings. In the absence of a verified company profile, the safest description is a neutral one: Derach is an entity whose business details are not clearly established in the open sources reviewed. BianLian has listed Derach among its victims, but that listing does not by itself confirm the scope or impact of any incident. The company was listed as a ransomware victim associated with bianlian. |
|||||
| Seanic Ocean Systems | bianlian | Services | |||
|
Seanic Ocean Systems is a Services company based in Katy, Texas, and it operates under the Centurion Subsea Services brand. It provides subsea tooling and rental services, along with engineered solutions for remote intervention and related operations. Company sources describe its work as design, manufacturing, storage, repair, and maintenance of subsea products. It was listed as a ransomware victim associated with bianlian. |
|||||
| Bartelt | bianlian | Hospitality / Food & Beverage / Tourism | |||
|
Bartelt Packaging is a U.S.-based manufacturer of packaging equipment serving food, beverage, and consumer-goods industries, with offerings that include machinery for biscuits, candy, cereals, grains, flour, and related products. Its industry page presents Bartelt as a solutions provider for a broad range of packaging applications, reflecting its role in the hospitality, food, and tourism supply chain through packaged goods. The company is associated with the packaging sector in the United States, where it markets equipment and support for production lines. Bartelt was listed as a ransomware victim associated with bianlian. |
|||||
| Rick Shipman Construction | blackbasta | Construction / Real Estate | |||
|
Rick Shipman Construction Inc. is a professional contractor established in 1991, headquartered in Dexter, Missouri, and operating nationwide. The company specializes in commercial, industrial, retail, and residential construction, including new builds and expansions. It serves clients across the United States with expertise in construction management and real estate development. Rick Shipman Construction was listed as a ransomware victim associated with the BlackBasta threat actor. |
|||||
| Gate Precast | blackbasta | Communication / Marketing | |||
|
Gate Precast is a U.S.-based precast concrete company headquartered in Jacksonville, Florida, with additional operations in cities including Ashland City, Tennessee, and Atlanta, Georgia. It designs and manufactures architectural precast concrete systems and related prefabricated building solutions for commercial construction projects. Public company materials also describe it as part of the broader building materials and manufacturing sector. In threat-intelligence listings, Gate Precast was associated with the blackbasta ransomware group as a listed victim. |
|||||
| AudioQuest Data Leaked | ragnarlocker | Other | |||
|
AudioQuest Data Leaked refers to an incident involving the audio technology company AudioQuest, which operates in the Other sector with no specific geographic location disclosed. The entity offers audio equipment and related services, though details on its offerings remain general due to limited public information. AudioQuest was listed as a ransomware victim associated with the threat actor ragnarlocker, indicating its environment was targeted by malicious cyber activity. No confirmed data breach types or record counts are publicly available for this incident. The listing serves as a neutral record of the company's exposure to ransomware threats. |
|||||
| Malayan Flour Mills Bhd. Data Leak | ragnarlocker | Other | |||
|
Malayan Flour Mills Berhad is a Malaysian food company headquartered in Kuala Lumpur and known as the pioneer wheat flour milling company in Malaysia. It also operates poultry and feed businesses and has activities extending to Vietnam. The group’s offerings include flour milling, vertically integrated poultry operations, and related food products. Malayan Flour Mills Bhd. Data Leak was listed as a ransomware victim associated with ragnarlocker. |
|||||
| Ferrari | ransomexx | Other | |||
|
Ferrari S.p.A. is an Italian luxury sports car manufacturer based in Maranello, Italy, known for designing, engineering, producing, and selling high-performance sports cars. The company maintains a leading position in the luxury performance sports car sector and operates globally from its corporate base in the Netherlands. In threat-intelligence catalogs, Ferrari may be indexed under other sectors when used as an enterprise victim record. It was listed as a ransomware victim associated with ransomexx. |
|||||
| Aesthetic Dermatology Associates | bianlian | Other | |||
|
Aesthetic Dermatology Associates is a medical and cosmetic dermatology clinic operating in Paoli and Media, Pennsylvania, providing skin care solutions including Botox, fillers, laser treatments, peels, and microneedling. The clinic also offers clinical services for acne, rosacea, psoriasis, eczema, rashes, warts, and skin tag removal, alongside comprehensive skin exams and mole assessments. Located at 4 Industrial Blvd in Paoli and 176 S New Middletown Rd in Media, the practice serves patients in a professional and comfortable environment. Aesthetic Dermatology Associates was listed as a ransomware victim associated with the threat actor bianlian. |
|||||
| Swiss American | blackbyte | Communication / Marketing | |||
|
swissam.net is the online presence of Swissam, a Swiss communication and marketing business. The company presents services in branding, digital communication, and marketing support for clients seeking to strengthen market visibility and audience reach. Its web identity reflects a sector focused on strategic messaging and promotional services. The domain was listed as a ransomware victim associated with blackbyte. |
|||||
| Almoayed ICT | Bahrain | blackbyte | Communication / Marketing | ||
|
Almoayed Group is an information technology and telecommunications solution provider headquartered in the Kingdom of Bahrain. The company describes itself as an ICT system integrator, serving public- and enterprise-sector clients with infrastructure, network, wireless, and professional services. Its offerings include design, implementation, and management of communication and technology environments. It was listed as a ransomware victim associated with BlackByte. |
|||||
| MultiCare Home Health | everest | Healthcare / Pharma | |||
|
MultiCare Home Health Care is a home health provider in Euclid, Ohio, serving patients through licensed and certified caregivers. Its services include medical social services, physical therapy, and related in-home care support. In the healthcare and pharma sector, the organization operates from 27691 Euclid Ave. in Euclid, Ohio. It was listed as a ransomware victim associated with everest. |
|||||
| Bombardier Recreational Products (BRP) - SOURCE CODES | ransomexx | Communication / Marketing | |||
|
Bombardier Recreational Products (BRP) is a Canadian manufacturer headquartered in Valcourt, Quebec, that designs, develops, and markets powersports vehicles and propulsion systems. Its portfolio includes iconic brands such as Ski-Doo, Lynx, Sea-Doo, and Can-Am, serving customers across snow, water, and land. The company also produces Rotax engines for karts, motorcycles, and recreational aircraft, operating facilities globally including in the United States and Europe. BRP was listed as a ransomware victim associated with the threat actor ransomexx in the Communication and Marketing sector. |
|||||
| Health Care Solutions Group | donutleaks | Healthcare / Pharma | |||
|
Health Care Solutions Group, Inc. is a healthcare services company based in Skokie, Illinois, focused on in-home care for patients with respiratory, sleep, and neuromuscular conditions. It provides patient-centered services including medical equipment, in-home testing, travel assistance, and personalized care for adults, pediatrics, and infants. The company says it has more than 20 years of experience and serves patients needing oxygen and respiratory support. It was listed as a ransomware victim associated with donutleaks. |
|||||
| seaviewresortkhaolak.com | lockbit3 | Hospitality / Food & Beverage / Tourism | |||
|
Seaview Resort Khao Lak is a beachfront hotel in Khao Lak, Phang Nga province, Thailand, on Nang Thong Beach near Phuket Airport. It offers air-conditioned rooms and guest facilities typical of a resort stay, including dining and leisure services for vacation travelers. The property operates in the hospitality, food and beverage, and tourism sector, serving domestic and international guests. It was listed as a ransomware victim associated with LockBit3. |
|||||
| kimed.pl | Poland | lockbit3 | Other | ||
|
kimed.pl is a Poland-based website in the other sector, likely operating as a business or service presence rather than a dedicated industry vertical. Publicly available search results do not clearly identify its full offerings, so the company is best described conservatively from its domain and country context. In threat-intelligence records, kimed.pl appears as an indexed ransomware victim entry. The listing associates kimed.pl with lockbit3. |
|||||
| hriindia.com | lockbit3 | Other | |||
|
hriindia.com is the website of Hygienic Research Institute Private Limited (HRIPL), an Indian beauty and personal care company focused on beauty, haircare, skin care, and salon products. Its site describes it as a manufacturer and marketer of premium beauty products and notes a locally sourced, globally present operating model. HRIPL presents itself as a long-running consumer brand business in India. The listing identifies hriindia.com as a ransomware victim associated with lockbit3. |
|||||
| Karl Gemünden GmbH & Co. KG | blackbasta | Other | |||
|
Karl Gemünden GmbH & Co. KG, also known as Bauunternehmung Karl Gemünden GmbH & Co. KG, is a construction company based in Ingelheim am Rhein, Rhineland-Palatinate, Germany. Its business includes general contracting and building services, and it is also listed as a supplier for tunnel, bridge and viaduct construction projects. The company describes itself as a regional construction firm active in and around Ingelheim, Mainz and the wider Rhine-Main area. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Mansfield Independent School District (MISD) | hive | Education | |||
|
Mansfield Independent School District is a public K-12 school district in Mansfield, Texas, in the Dallas-Fort Worth Metroplex. It serves students from pre-kindergarten through 12th grade across a broad area of the city and nearby communities. As an Education-sector institution, MISD provides district-wide instruction and related student services. It was listed as a ransomware victim associated with Hive. |
|||||
| aidsalabama.org | lockbit3 | Other | |||
|
AIDS Alabama is a Birmingham, Alabama nonprofit that provides housing, policy and advocacy support, HIV/STI prevention and education, and free and confidential HIV/STI testing. Its website also points to related supportive services and contact information for its headquarters in Birmingham. The organization serves people affected by HIV and works to help clients live healthy, independent lives. It was listed as a ransomware victim associated with lockbit3. |
|||||
| toyotaalabang.com.ph | Philippines | lockbit3 | Other | ||
|
Toyota Alabang, Inc. is a Philippine automotive dealership based in Muntinlupa City, Metro Manila, with contact details on Alabang-Zapote Road near Filinvest Avenue. Its website and directory listings indicate it sells Toyota vehicles and provides related sales, service, parts, and customer support. The company also maintains local contact channels for vehicle sales, used vehicles, financing, insurance, and after-sales services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Los Angeles Unified School District | vicesociety | Education | |||
|
Los Angeles Unified School District is a public K-12 school district in Los Angeles, California, with headquarters at 333 South Beaudry Avenue. It serves kindergarten through grade 12 across hundreds of schools and provides instruction and related educational services to a large student population. The district’s official website is lausd.org and its coverage spans one of the largest school systems in the United States. It was listed as a ransomware victim associated with vicesociety. |
|||||
| Associated Bag | blackbasta | Other | |||
|
Associated Bag is a United States-based company that manufactures and supplies packaging bags and related products for various industries. The firm operates in the packaging sector, offering custom and standard bag solutions to commercial clients across the nation. Associated Bag was listed as a ransomware victim associated with the BlackBasta threat actor, which claimed the organization in 2022. |
|||||
| Stages Pediatric Care | everest | Other | |||
|
Stages Pediatric Care is a medical group practice in Orange City, Florida, focused on pediatrics and primary care for children. It operates from 947 Town Center Dr and provides routine pediatric services for local families. Public directory and provider records place the practice in Orange City and identify it as a pediatric clinic. It was listed as a ransomware victim associated with everest. |
|||||
| samyang.com | lockbit3 | Other | |||
|
Samyang Group is a South Korean business group headquartered in Seoul, operating across chemicals, food, biopharmaceuticals, packaging, and related specialty materials. Its website presents the company as a global partner focused on materials and solutions, with business units that include chemicals, food, ion-exchange resins, and information and electronic materials. In catalog records, samyang.com is classified in the Other sector. It was listed as a ransomware victim associated with LockBit3. |
|||||
| Evo exhibits | donutleaks | Other | |||
|
Evo Exhibits is a full-service provider of trade show exhibits, displays, and environments, with primary operational focus on the North American market and key facilities in Illinois and Nevada. The company specializes in hybrid exhibit solutions to support entire trade show experiences and offers creative design, cutting-edge displays, graphics, and trade show management services. Headquartered in Peru, Indiana, Evo Exhibits operates additional locations in North Las Vegas, Nevada, serving clients across the United States. The organization was listed as a ransomware victim associated with the threat actor donutleaks. |
|||||
| yehu.org | lockbit3 | Other | |||
|
Yehu.org is the website of Yehu Impact Limited, a Kenya-based microfinance institution headquartered in Mombasa at The Avenue Building, 2nd Floor, Office No. 2. It provides microfinance services and operates 16 branches across coastal and neighboring counties, including Mombasa, Kwale, Kilifi, Lamu, Taita Taveta, Meru, and Makueni. Yehu serves a customer base of more than 70,000 and positions itself as a credit-focused MFI. In the index, yehu.org was listed as a ransomware victim associated with LockBit3. |
|||||
| hdhopwood.com | lockbit3 | Other | |||
|
H.D. Hopwood & Co. Ltd., originally an industrial and manufacturing distributor in Kingston, Jamaica, was acquired by the Massy Group of Companies in September 2001 and now operates as Massy Distribution Jamaica Ltd. The company, located at 3 Carifta Avenue, Kingston 11, provides wholesale and retail distribution services across sectors including pharmaceuticals, food, and industrial supplies. It serves the Jamaican public sector and private markets with a focus on quality, convenience, and competitive pricing. The entity was listed as a ransomware victim associated with the LockBit3 threat actor. This listing reflects its inclusion in a threat-intelligence index documenting cyber incidents targeting industrial distributors in Jamaica. |
|||||
| bew.co.th | Thailand | lockbit3 | Other | ||
|
bew.co.th belongs to Bangkok Eagle Wings Co., Ltd., a Thai company based in Bangkok, Thailand. Company profiles identify it as an automotive parts business, including truck and lorry spare parts and automotive press-and-weld components. Its publicly listed contact details place it in Nong Chok, Bangkok, and indicate long-running operations in Thailand. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Cremo | blackbasta | Other | |||
|
Cremo is a U.S.-based grooming company in the other sector, with a headquarters listing in Laguna Beach, California. Its public materials describe it as a modern grooming brand, and its retail presence includes consumer grooming products sold through major channels. Edgewell described Cremo as a premier men’s grooming company in the U.S. when it announced the acquisition in 2020. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Southwell, Inc. | hive | Services | |||
|
Southwell, Inc. is a not-for-profit healthcare system in Tifton, Georgia, serving South Central Georgia with hospitals, clinics, and related medical services. Its offerings include inpatient and outpatient care, physician services, and specialty and rehabilitation support for local patients. Public company listings describe Southwell as operating in the Services sector and based in Tifton, Georgia. It was listed as a ransomware victim associated with hive. |
|||||
| AES Clean Technology | United States | blackbasta | IT | ||
|
aesclean.com belongs to AES Clean Technology, a US-based company that designs, manufactures, and installs modular cGMP cleanrooms and related equipment for life science and technology customers. The company says it provides cleanroom design, construction, and installation services, with facilities and operations in Pennsylvania, Georgia, and California. Its published materials also describe resources, careers, and cleanroom technology content for the sector. It was listed as a ransomware victim associated with Black Basta. |
|||||
| Ministerio de Relaciones Exteriores | onyx | Other | |||
|
The Ministerio de Relaciones Exteriores, Comercio Internacional y Culto (Ministry of Foreign Affairs, International Trade and Worship) of the Argentine Republic, known as the Cancillería, is the body of the Executive Branch responsible for the country's foreign relations. It is based in Buenos Aires and represents the Nation before foreign governments and international organizations, in addition to coordinating diplomatic affairs, international cooperation, and economic and cultural ties. In terms of sector, it is classified as Other because it is a public entity. It was listed as a ransomware victim associated with onyx. |
|||||
| vitalityhp.net | lockbit3 | Other | |||
|
vitalityhp.net is the website associated with Vitality Health Plan, a U.S.-based health maintenance organization that helps members in California access Medicare benefits. Public company profiles describe it as a small healthcare provider serving the broader health-plan market. Its online presence centers on health-plan information and member services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| bliss-d.com | lockbit3 | Other | |||
|
bliss-d.com appears to correspond to Bliss'd Co, a Los Angeles, California-based brand that sells guided journals and manifestation and gratitude products for women and families. Its site presents the company as focused on journaling systems designed to support clarity, intention, and daily reflection. The business is associated with the other sector rather than a traditional industrial category. It was listed as a ransomware victim associated with lockbit3. |
|||||
| ginspectionservices | cuba | Services | |||
|
ginspectionservices, also known as GIS Group (Global Inspection Services), is a high-performance inspection, testing, and certification organization headquartered in Madrid, Spain. The company provides second-party and third-party shop and site inspection services, expediting, and logistics support for EPC firms, owners, and vendors across multiple countries including Cuba. Its core offerings include cargo and loading inspection, shipping quality and quantity checks, and survey sampling testing for mechanical and electrical equipment. The organization operates globally with locations in Africa, America, Asia, and the Middle East, serving clients in architectural, engineering, and related services sectors. ginspectionservices was listed as a ransomware victim associated with the threat actor Cuba. |
|||||
| Etna GmbH | blackbasta | Other | |||
|
Etna GmbH is a Frankfurt am Main, Germany-based company providing air-conditioning, ventilation, and building management services. Its published contact details place the firm at Colmarer Straße 11 in 60528 Frankfurt am Main, and industry profiles describe it as a consumer services provider in the Other sector. The company operates as an HVAC and facilities services supplier for buildings and related infrastructure. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Hendry Regional Medical Center | hive | Healthcare / Pharma | |||
|
Hendry Regional Medical Center is a healthcare and pharma facility located at 524 West Sagamore Avenue in Clewiston, Florida, serving Hendry County with comprehensive medical services including urgent care and rural health outreach. The hospital operates 24 hours a day and provides financial assistance programs for uninsured or underinsured residents, ensuring access to medically necessary care. It also manages affiliated clinics such as the Hendry Regional Convenient Care Center in LaBelle, extending its healthcare offerings across the region. Hendry Regional Medical Center was listed as a ransomware victim associated with the threat actor hive. |
|||||
| STADLER | blackbasta | Other | |||
|
STADLER is an international Swiss company headquartered in Bussnang, Switzerland, that designs, manufactures, and services rail vehicles for passenger transport. It operates across a global network of production sites, engineering centres, and service locations, supporting rail projects in multiple countries. The company is also associated with waste-sorting systems under the STADLER name, but the rail-vehicle business is the primary corporate profile in public company sources. It was listed as a ransomware victim associated with blackbasta. |
|||||
| JANMARINI | hive | Other | |||
|
JANMARINI is a United States skin care company in the Other sector, associated with Marini SkinSolutions in San Jose, California. Public company materials describe it as an award-winning professional skincare brand that develops and markets solutions for a range of skin concerns. Its offerings are positioned for both individuals and skin care professionals, with products focused on science-based skincare. The company was listed as a ransomware victim associated with hive. |
|||||
| TAKAO-UK | hive | Other | |||
|
TAKAO-UK is a United Kingdom-based company in the broad “Other” sector, indicating a business outside standard industry categories such as finance, healthcare, or manufacturing. Publicly available company records should be used to confirm its specific offerings and operating profile. Threat-intelligence indexes use the name to track entities associated with ransomware activity and related cyber-extortion campaigns. It was listed as a ransomware victim associated with hive. |
|||||
| GFG | hive | Other | |||
|
GFG Alliance is an industrial group based in London, England, operating across manufacturing and energy-related businesses. It serves industrial manufacturing and energy sectors from its headquarters in Mayfair, London. In threat-intelligence catalogs, GFG is indexed under the broad sector label “Other” when the target entity is listed outside a narrower industry classification. It was listed as a ransomware victim associated with Hive. |
|||||
| TSMTU | hive | Other | |||
|
TSMTU is a healthcare organization in Tennessee, operating in the medical sector and serving patients through clinical and care-related services. Public location information shows it is based in Johnson City, Tennessee, with additional sites in nearby East Tennessee communities. Its offerings include patient care delivered through multiple health-focused locations and specialty clinics. It was listed as a ransomware victim associated with Hive. |
|||||
| Nihonsakari Co., Ltd | lockbit3 | Services | |||
|
Nihonsakari Co., Ltd. is a Japanese sake brewer and beverage company based in Nishinomiya, Hyogo Prefecture, in the Nada brewing region. Founded in 1889, it produces and distributes sake and has also expanded into related branded products and services. Public company and industry profiles describe it as a long-established manufacturer with sales and operations centered in Japan. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Samuel Ryder Academy | vicesociety | Education | |||
|
Samuel Ryder Academy is a mixed all-through school in St Albans, Hertfordshire, England, serving pupils from primary through secondary ages. It operates from Drakes Drive and provides education for children roughly aged four to 19. The academy is listed in the education sector and appears in local government and school-trust records. It was listed as a ransomware victim associated with vicesociety. |
|||||
| quantumce.com | lockbit3 | Other | |||
|
quantumce.com is the website of Quantum Consulting Engineers, a structural engineering firm based in England. The company specializes in structural design for new and existing buildings and presents itself as serving the development sector with experience on award-winning projects. Its site also showcases a project archive and contact details for clients seeking engineering services. The domain was listed as a ransomware victim associated with lockbit3. |
|||||
| FederalBank/Fedfina DataBase Leak | everest | Finance / Legal / Insurance | |||
|
FederalBank/Fedfina DataBase Leak refers to an alleged data breach involving customer information from Federal Bank, a major financial institution in India offering banking, insurance, and legal services. The incident is associated with the Everest ransomware group, which specializes in stealing customer privacy data, financial information, and databases. Ransomware.live confirmed that FederalBank/Fedfina.part4 was claimed by Everest on July 26, 2022, linking it to the 2022 FedFina breach. This listing identifies the entity as a ransomware victim associated with the everest threat actor. |
|||||
| KOLLITSCH | blackbasta | Other | |||
|
KOLLITSCH is an Austrian group based in Klagenfurt am Wörthersee, Carinthia, with business activities in architecture, construction, and the property sector. Public company profiles place its headquarters at Deutenhofenstraße 3 and describe operations across Carinthia, Styria, and Vienna. The group presents itself as an integrated enterprise serving development and building-related projects. It was listed as a ransomware victim associated with blackbasta. |
|||||
| multicareinc.com | lockbit3 | Services | |||
|
multicareinc.com belongs to Multi-Care Home Health and Personal Care Services, a privately owned home health care agency in Meridian, Idaho. The company provides nursing care, physical therapy, personal care, and related in-home services across southwest Idaho. Its offerings also include skilled and non-skilled support such as bathing, light housekeeping, and temporary staffing. The site was listed as a ransomware victim associated with LockBit3. |
|||||
| melorita.com | lockbit3 | Other | |||
|
melorita.com is associated with an Italian retail and brand ecosystem centered on Sector No Limits, a sports-watch and accessories label with online sales and product support. Public sources describe Sector as an Italian brand founded in 1973, offering watches, smartwatches, and related accessories through its website and customer-service channels. Its digital presence also includes product pages, after-sales assistance, and smartwatch features for connected use. It was listed as a ransomware victim associated with lockbit3. |
|||||
| rbroof.com | lockbit3 | Other | |||
|
R&B Roofing LLC is a commercial roofing company based in Garland, Texas, serving the Dallas/Fort Worth area and customers nationwide. Founded in 1992, it provides commercial roofing, repair and maintenance, roof restoration, technical services, and metal roof and wall panel work. The company also highlights 24-hour emergency response and safety-focused service. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Cornerstone Insurance Group | blackbasta | Finance / Legal / Insurance | |||
|
Cornerstone Insurance Group is an insurance-focused business in the finance and insurance sector, serving individuals and businesses with coverage and risk-management services. Public profiles indicate a Colorado presence, including Vail and Gypsum, and describe offerings such as business insurance, workers’ compensation, liability, employee benefits, and other customized insurance solutions. The firm presents itself as an independent agency that builds tailored insurance programs for clients. It was listed as a ransomware victim associated with blackbasta. |
|||||
| School of Oriental African Studies | vicesociety | Education | |||
|
SOAS University of London, the School of Oriental and African Studies, is a public research university located in Bloomsbury, London, United Kingdom, specializing in the study of Asia, Africa, and the Middle East. Founded in 1916, it is a member institution of the federal University of London and offers diverse academic programs renowned for world-class research and commitment to global understanding. As the only Higher Education institution in Europe exclusively focused on these regions, SOAS provides a rich diversity of teaching in subjects including Anthropology, Economics, and Law. The university was listed as a ransomware victim associated with the ViceSociety threat actor. |
|||||
| idtech.com.tw | Taiwan, Province of China | lockbit3 | IT | ||
|
idtech.com.tw belongs to Interactive Digital Technologies Inc. (IDT), a Taiwan-based company headquartered in New Taipei City. IDT was established in 2003 and focuses on telecom, IT and cloud, digital media, and geographic information system (GIS) services, with system-integration offerings and related software and hardware solutions. Its business profile also describes planning, consulting, construction, and after-sales maintenance for network and application platforms. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| GRUPO COPISA | sparta | Other | |||
|
GRUPO COPISA is a Spain-based construction group headquartered in L’Hospitalet de Llobregat, near Barcelona. It operates in civil engineering, infrastructure design and construction, building works, and related maintenance and industrial services. Public company descriptions also note activity in roads, railways, ports, airports, sanitation, and restoration projects. It was listed as a ransomware victim associated with sparta. |
|||||
| congerbuilt.com | lockbit3 | Other | |||
|
Congerbuilt.com is the website of Conger Construction Group, a construction company based in Lebanon, Ohio, United States. It offers construction management, design/build, general contracting, preconstruction, and pre-engineered steel building services. The company says it was founded in 1992 and serves Southwest Ohio, with self-perform capabilities and technology-focused delivery. It was listed as a ransomware victim associated with lockbit3. |
|||||
| webnordeste.com.br | Brazil | lockbit3 | Other | ||
|
Web Nordeste LTDA is a Brazilian company based in Simões Filho, Bahia, that serves the oil and gas sector with equipment, machining, and technical services aligned to API standards. Its public materials describe offshore and industrial solutions, including certified components and manufacturing for energy projects. The company also lists an address in Macaé, Rio de Janeiro, reflecting its presence in Brazil’s oil and gas supply chain. It was listed as a ransomware victim associated with lockbit3. |
|||||
| www.bbadmin.com | redalert | Other | |||
|
www.bbadmin.com is the website of Bay Bridge Administrators, an Austin, Texas-based third-party administrator for fully insured employee benefit plans. Its services include employee benefits administration, policyholder support, retirement plan solutions, and a secure benefits portal for claims and account access. The company presents itself as a nationally recognized provider serving benefit-plan clients. It was listed as a ransomware victim associated with redalert. |
|||||
| thorguard.com | lockbit3 | Other | |||
|
thorguard.com is the website of Thor Guard, a U.S. company that develops lightning prediction and warning systems for outdoor safety. Its products use atmospheric sensors and computerized monitoring to predict lightning risk before a strike, and the company markets these systems to venues such as golf courses and public facilities. The firm presents itself as a specialist provider in the broader Other sector, with operations centered on weather-related risk alerts and warning services. It was listed as a ransomware victim associated with LockBit3. |
|||||
| yourprivateitaly.com | lockbit3 | Communication / Marketing | |||
|
YourPrivateItaly.com is a luxury travel and destination management business focused on Italy, offering bespoke travel planning, concierge services, and exclusive villa experiences. The company presents itself as a specialist in custom-designed travel for clients seeking tailored itineraries and immersive stays in Italy. Public business profiles associate the brand with Italy and U.S. contact locations, and describe it within the communication and marketing-oriented luxury travel sector. It was listed as a ransomware victim associated with LockBit3. |
|||||
| uide.edu.ec | lockbit3 | Other | |||
|
uide.edu.ec is the website of Universidad Internacional del Ecuador (UIDE), a private, government-accredited university based in Quito, Ecuador. The institution offers undergraduate and postgraduate programs and maintains campuses and service points in Quito, Guayaquil, and Loja. UIDE presents itself as an international university with academic and admissions services for students and exchange applicants. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Ministerio de Economía Argentina | everest | Other | |||
|
The Ministerio de Economía de Argentina is the ministry of the National Executive Power responsible for assisting the president and the Chief of Cabinet in all matters related to the national economy and infrastructure. It administers public finances, economic policy, budgetary and tax matters, and oversees energy, transport, public works, and communications sectors. The ministry is headquartered at Palacio de Hacienda, Hipólito Yrigoyen 250, Buenos Aires, and operates under the public administration sector. It was listed as a ransomware victim associated with the threat actor everest. |
|||||
| BHARBERT | United States | hive | Other | ||
|
BHARBERT is a US company categorized in the broad "Other" sector, indicating that its business does not fit a standard industry label provided in the listing. Based on the available record, it is a named organization with operations in the United States. The entry does not supply a detailed public description of its products or services, so only its country and sector can be stated confidently. It was listed as a ransomware victim associated with Hive. |
|||||
| scrd.ca | Canada | lockbit3 | Other | ||
|
The Sunshine Coast Regional District (SCRD), located on British Columbia’s Sunshine Coast in Canada, is a regional government serving residents of the area including Sechelt and Gibsons. It provides essential public services such as recreation programs for low-income individuals, water conservation and quality management, park maintenance, and regional planning. The SCRD operates from its administration building in Sechelt and supports communities across Halfmoon Bay, Egmont, and Roberts Creek. The organization was listed as a ransomware victim associated with the threat actor lockbit3. |
|||||
| parrottsims.com | lockbit3 | Other | |||
|
Parrottsims.com is the digital presence of Parrott Sims McInnis & Foster, PLLC, a Dallas-based legal counsel firm operating in the United States. The firm provides professional legal advisory services to clients across various sectors, including corporate and financial matters. It was listed as a ransomware victim associated with the LockBit3 threat actor in this threat-intelligence index. |
|||||
| Admiral Merchants | blackbasta | Other | |||
|
Admiral Merchants Motor Freight Inc., doing business as Admiral Merchants, is a privately held transportation company based in Minneapolis, Minnesota. It operates in truck transportation and brokered freight, offering trucking, freight brokerage, and logistics services across the United States and Canada. Company materials describe a network of owner-operators, trailers, and freight agents supporting daily shipping capacity. It was listed as a ransomware victim associated with blackbasta. |
|||||
| Foreman Watson Land Title, LLC. | blackbasta | Services | |||
|
Foreman Watson Land Title, LLC is a services-sector real estate title company based in Owensboro, Kentucky, with offices across Kentucky and in Evansville, Indiana. It provides attorney-reviewed title examinations, title insurance, escrow support, and residential and commercial real estate closings. The firm also prepares deeds and other real estate legal documents through its affiliated legal services. It was listed as a ransomware victim associated with blackbasta. |
|||||
| ifwglobal.com | lockbit3 | Services | |||
|
IFW Global is an international private intelligence and investigations firm in the Services sector, with operations centered in Sydney, Australia. It provides cybercrime investigation, scam intelligence, asset recovery, covert surveillance, cryptocurrency tracing, and related cross-border investigative services for fraud and financial-crime matters. The company describes its work as supporting complex electronic and physical investigations across multiple jurisdictions. It was listed as a ransomware victim associated with lockbit3. |
|||||
| CORNERSTONE | blackbasta | Other | |||
|
CORNERSTONE is a company in the Other sector; available public results do not provide enough reliable detail here to confirm its exact location, offerings, or corporate profile. In threat-intelligence catalogs, such entries are typically used to identify the named organization as it appears in victim reporting. Black Basta is a ransomware group known for targeting organizations across multiple industries and for publishing victim names on leak sites. CORNERSTONE was listed as a ransomware victim associated with blackbasta. |
|||||
| Sierra College | vicesociety | Education | |||
|
Sierra College is a public community college located in Rocklin, California, serving as part of the Sierra Joint Community College District. The institution offers career and technical education programs that prepare students for professional employment, along with degrees in fields such as Human Development and Education. It serves students across Placer, Nevada, and portions of El Dorado and Sacramento counties, with its main campus minutes from Sacramento. Sierra College was listed as a ransomware victim associated with the threat actor Vicesociety. |
|||||
| Sigmund Software | United States | hive | IT | ||
|
Sigmund Software is a U.S.-based IT company headquartered in Danbury, Connecticut. It develops and supports electronic health record (EHR) software for behavioral health and addiction treatment organizations, with products used by providers in related care settings. Its platform and services are positioned for clinical, administrative, and revenue-cycle workflows in those sectors. The company was listed as a ransomware victim associated with Hive. |
|||||
| elementnor.no | Norway | lockbit3 | Other | ||
|
elementnor.no is the website of Element NOR AS, a Norway-based company headquartered in Storsteinnes, Troms, with a listed address in Stormoen 3. Public business listings identify it as operating in the Other sector and present it as a commercial organization with a corporate website and contact details. The company appears to serve customers through its own brand and online presence, but the available records do not specify a narrower industry classification. It was listed as a ransomware victim associated with lockbit3. |
|||||
| ΤΕΧΝΟΛΟΓΙΚΟ ΠΑΝΕΠΙΣΤΗΜΙΟ ΚΥΠΡΟΥ | pysa | Other | |||
|
Τεχνολογικό Πανεπιστήμιο Κύπρου is the Technological University of Cyprus, a public higher-education institution based in Limassol, Cyprus. It provides undergraduate and postgraduate study, research activity, and academic services for students and staff across applied and technological fields. The university’s official site identifies it as a Cypriot university with its main administration in Limassol. It was listed as a ransomware victim associated with Pysa. |
|||||
| Who is the real Bad Guys here? Or what recovery experts prefer to keep silent. | ragnarlocker | Communication / Marketing | |||
|
The entity 'Who is the real Bad Guys here? Or what recovery experts prefer to keep silent' is a conceptual or anonymized reference within the Communication and Marketing sector, offering no tangible products or services, and appears to serve as a rhetorical device highlighting hidden threats in cyber recovery. It does not operate from a specific physical location but symbolizes the obscured actors behind ransomware attacks that recovery professionals often avoid naming publicly. This listing was identified as a ransomware victim associated with the Ragnar Locker threat group, which targets communication, cloud, and enterprise industries globally. The phrase underscores the tension between public disclosure and the silence maintained by some recovery experts regarding the true perpetrators of data breaches. It was listed as a ransomware victim associated with ragnarlocker. |
|||||
| psi.com.tw | Taiwan, Province of China | lockbit3 | Other | ||
|
psi.com.tw is the website of Phoenix Silicon International Corporation (PSI), a Taiwan-based electronics company headquartered in Hsinchu Science Park, Hsinchu, Taiwan. The company says it was founded in 1997 and focuses on wafer process service development, wafering, and wafer thinning. PSI also maintains investor-relations and corporate information services through its official site. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| okibrasil.com | lockbit3 | Other | |||
|
okibrasil.com is the website for OKI Brasil, a Brazilian business associated with OKI’s global operations and local market presence. OKI is a Japanese information and communications technology company known for products, technologies, software, and solutions across infrastructure and device markets, with worldwide operations. Public business directories place OKI Brasil in São Paulo, Brazil. The listing identifies okibrasil.com as a ransomware victim associated with lockbit3. |
|||||
| mts.mektec.com | lockbit3 | Other | |||
|
mts.mektec.com belongs to Mektec Group, which manufactures and sells electronic products, including flexible printed circuits, for industrial customers. The group operates globally, with headquarters and production sites in Japan and additional locations across Asia, Europe, and North America. Its corporate sites describe a business focused on manufacturing and sales rather than consumer retail. The domain was listed as a ransomware victim associated with lockbit3. |
|||||
| ducanh.com | lockbit3 | Other | |||
|
ducanh.com is a Vietnam-based business domain associated with Duc Anh, a company listed in the Other sector. Public directory records show Duc Anh Group Global Joint Stock Company as a machinery and equipment wholesaler, while related Duc Anh entities also operate in education and services. The site name indicates an organization-level presence rather than a consumer product, and available public listings place it in Vietnam. It was listed as a ransomware victim associated with lockbit3. |
|||||
| TAP Air Leak of more than 1.5 million of customers and many other. | ragnarlocker | Other | |||
|
TAP Air Portugal is the Portuguese flag carrier airline, based in Lisbon, serving passenger and cargo flights across domestic and international routes. The company operates in the transportation and aviation sector and provides scheduled air travel and related airline services. Public breach references describe a ransomware incident tied to the airline and later data leakage claims. It was listed as a ransomware victim associated with ragnarlocker. |
|||||
| franckbeun.fr | France | lockbit3 | Other | ||
|
Franckbeun.fr is the website of Groupe Franck Beun, a French building and renovation business based in Richelieu, Indre-et-Loire, France. It serves projects in and around Richelieu, Chinon, Saumur, Tours, and Amboise. The group presents services across construction, renovation, rehabilitation, masonry, stonework, and related building trades. Its public footprint also references teams covering interior finishing and exterior works. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| Government Brazil | everest | Public Sector | |||
|
Government Brazil is the central public administration of Brazil, operating within the Public Sector to deliver essential administrative and policy services nationwide. It comprises more than 41,000 civil servants managing 374 services across 10 areas including human resources, finance, and logistics for 13 ministries. Through initiatives like ColaboraGov, it centralizes administrative support to ensure savings, scale, quality, and standardized service provision without increasing costs. Government Brazil was listed as a ransomware victim associated with the threat actor everest. |
|||||
| New York Racing Association | United States | hive | NGOs / Associations | ||
|
The New York Racing Association (NYRA) is a not-for-profit racing association based in New York, United States. It holds the exclusive franchise to conduct thoroughbred racing at Aqueduct Racetrack, Belmont Park, and Saratoga Race Course. NYRA operates these major tracks and supports racing events, operations, and related services across its venues. It was listed as a ransomware victim associated with hive. |
|||||
| hering-heinz.de | Germany | lockbit3 | Other | ||
|
hering-heinz.de belongs to Hering & Heinz GmbH & Co. KG, a family-run company in Pottum, Rhineland-Palatinate, Germany. Since 1978, it has provided environmentally conscious services in heating, ventilation and sanitation, serving customers from its location at Gartenstraße 3. Its website presents the company as a competent local contact for SHK work and related enquiries. It was listed as a ransomware victim associated with lockbit3. |
|||||
| midway | blackbasta | Other | |||
|
Midway is a Houston, Texas-based real estate investment, development, and construction management firm serving the broader property sector. It describes itself as a full-service company that creates and manages projects across Houston and Texas. Company listings also place its headquarters in Houston and identify it as a privately owned, fully integrated real estate development and investment firm. It was listed as a ransomware victim associated with Black Basta. |
|||||
| Biggest News | Uganda | blackbyte | Other | ||
|
New Vision is a Kampala, Uganda-based English-language daily newspaper and digital news outlet under Vision Group, a multimedia publisher. It covers breaking news, analysis, and daily reporting for readers in Uganda and the wider East African region. The site newvision.co.ug serves as its online newsroom and publication platform. It was listed as a ransomware victim associated with blackbyte. |
|||||
| South Pacific Inc | Philippines | blackbyte | Energy | ||
|
South Pacific Inc. (SPI) is a 100% Filipino-owned energy company in the Philippines engaged in the downstream LPG industry. It owns and operates the country’s biggest LPG storage and one of its largest import terminals, with operations based in Pasig City and Calaca, Batangas. SPI’s website and corporate profiles describe it as a wholesale supplier of LPG products for the local market. It was listed as a ransomware victim associated with BlackByte. |
|||||
| First bounty payout $50,000 | lockbit3 | Other | |||
|
First bounty payout $50,000 appears in a threat-intelligence catalog as an Other-sector ransomware victim entry. Publicly available reporting on LockBit describes the group as a ransomware-as-a-service operation that paid a first $50,000 bounty in its own bug bounty program, but no reliable public source identifies this listing’s location or business offerings from the name alone. Because the entity name is not self-descriptive, its exact operations and country are not confirmed in the available sources. It was listed as a ransomware victim associated with lockbit3. |
|||||
| Laddawn Inc. | lorenz | Services | |||
|
Laddawn Inc. is a U.S. packaging company headquartered in Devens, Massachusetts, and operates in the services and packaging sector. It manufactures and supplies plastic packaging products, including bags, films, sheeting, mailers, and related solutions for distributor and commercial customers. Public company profiles describe it as a large packaging manufacturer serving food, retail, and industrial markets. It was listed as a ransomware victim associated with lorenz. |
|||||
| scottobrothers.com | lockbit3 | Other | |||
|
Scotto Brothers is a Long Island hospitality company based in Woodbury, New York, with event venues, hotels, and event-planning services for weddings and special occasions. Its website also reflects restaurant and catering operations across its hospitality portfolio. In threat-intelligence catalogs, scottobrothers.com is listed as a ransomware victim associated with lockbit3. |
|||||
| kaffeeberlin.com | lockbit3 | Other | |||
|
kaffeeberlin.com is the website for Kaffee Berlin, a coffee and food business with locations in Lyon, France, including the 8th, 2nd, 6th, and 7th arrondissements. Its menu site indicates café service and a food-truck offering, placing it in the broader Other sector rather than a specialized industry. The brand operates under a hospitality model centered on coffee service and casual food offerings. It was listed as a ransomware victim associated with lockbit3. |
|||||
| equatortrustees.com | lockbit3 | Other | |||
|
Equator Trustees Limited is a Seychelles-based corporate and trustee service provider licensed by the Seychelles Financial Services Authority. Its products page states that it offers corporate and trustee services from offices in Seychelles. The company operates in the broader financial and professional services space rather than a single public-facing consumer line of business. It was listed as a ransomware victim associated with lockbit3. |
|||||
| ces-conditionneur.fr | France | lockbit3 | Other | ||
|
ces-conditionneur.fr is the website associated with C.E.S. Conditionnements Emballages Services, a French contract-packaging and filling company based in Saint-Laurent-de-Chamousset, France. Its services include custom packaging for food, cosmetics, and industrial products, with small- and medium-run filling of varied formats such as tubes, bottles, sachets, and blisters. The company operates in the Other sector and focuses on outsourced conditionnement and emballage services for business clients. It was listed as a ransomware victim associated with lockbit3. |
|||||
| software-line.it | Italy | lockbit3 | IT | ||
|
software-line.it is an Italy-based company in the IT sector. Companies in this sector typically provide software development, information-technology services, or related technology support for business users. As an IT business, software-line.it operates within the broader software and services market that delivers digital tools and technical services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| asecna.org | lockbit3 | Other | |||
|
ASECNA, the Agency for Air Navigation Safety in Africa and Madagascar, is an international public organization based in Dakar, Senegal. It provides air navigation services and related aviation safety support across a multi-country airspace serving 17 African states and Madagascar. Its work includes air traffic control, navigation systems, and aeronautical information services. This entity was listed as a ransomware victim associated with LockBit3. |
|||||
| Bell Technical Solutions | Canada | hive | IT | ||
|
Bell Technical Solutions is a Canadian telecommunications and IT services company and a wholly owned subsidiary of Bell Canada. It specializes in installing and supporting Bell services such as Home Phone, Internet, and Fibe TV for residential and business customers. The company operates across Québec and Ontario, with a primary base in Mississauga, Ontario. It was listed as a ransomware victim associated with Hive. |
|||||
| dss-cz.com | lockbit3 | Other | |||
|
dss-cz.com is the website of DSS, a Czech-based defense manufacturer headquartered in Prague. The company develops and produces small arms for professional use and related industrial products, with its facility in Prague, Czech Republic. Its published materials describe offerings that include large-caliber ammunition and other defense-oriented products. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| Nextlabs | United States | 0mega | Services | ||
|
NextLabs, Inc. is a US-based services company in San Mateo, California, that provides zero trust, data-centric security software. Its platform helps customers enforce consistent information controls and business policies across data, applications, and infrastructure. The company says it serves organizations with advanced data security and zero trust expertise. It was listed as a ransomware victim associated with 0mega. |
|||||
| midlandplastics.com | lockbit3 | Manufacturing / Engineering | |||
|
Midland Plastics is a manufacturing and engineering company headquartered in New Berlin, Wisconsin, in the United States. It produces custom plastic component parts and provides plastic materials and fabrication services, including machining, thermoforming, extrusion, and distribution of sheet, rod, tube, film, and profiles. Founded in 1945, the company serves industrial customers across multiple sectors. Midlandplastics.com was listed as a ransomware victim associated with LockBit3. |
|||||
| nakamuracorp.co.jp | Japan | lockbit3 | Services | ||
|
Nakamuracorp.co.jp is the official site of NAKAMURA & CO., LTD., a Japanese services company headquartered in Tokyo’s Chuo-ku that imports, processes, and distributes raw materials for feed and fertilizers. The firm also engages in real estate leasing and the import and wholesale of construction, gardening, pet, and food products. It operates branch offices in Sapporo, Hachinohe, Nagoya, Kobe, and Kagoshima, supporting its nationwide supply chain. Nakamuracorp.co.jp was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| FONTAINEBLEAU | United States | hive | Other | ||
|
Fontainebleau is a US-based hospitality and real estate development group with properties and branding in Miami Beach and Las Vegas. Its portfolio includes luxury hotels, resorts, dining, entertainment, retail, and residential offerings, and its headquarters are in Aventura, Florida. The Fontainebleau name is also used for its Las Vegas resort and casino, a high-end destination on the Strip. Fontainebleau was listed as a ransomware victim associated with Hive. |
|||||
| FederalBank/Fedfina.part5 | everest | Finance / Legal / Insurance | |||
|
FederalBank/Fedfina.part5 refers to Fedbank Financial Services Ltd. (Fedfina), a retail-focused non-banking financial company in India and a subsidiary of The Federal Bank group. Fedfina offers consumer and business financial services, including loan products and digital customer support, through its online and mobile channels. The listing places it in the Finance / Legal / Insurance sector and uses the Federal Bank/Fedfina naming found in public company references. It was listed as a ransomware victim associated with everest. |
|||||
| medical69.com | lockbit3 | Healthcare / Pharma | |||
|
medical69.com appears to belong to the healthcare and pharmaceutical sector, which includes companies that provide products and services for maintaining and improving human health, such as medicines, devices, and care services. The domain name suggests a medical or health-related business, but no reliable public source in the search results confirms its exact offerings or location. It is used here as a threat-intelligence index entry for sector-level context rather than as a verified company profile. It was listed as a ransomware victim associated with lockbit3. |
|||||
| d-securite.com | lockbit3 | Other | |||
|
d-securite.com is the website of D-Sécurité Groupe, a leading French supplier of automated external defibrillators (AEDs) and medical equipment serving healthcare facilities, public institutions, and private enterprises. The company, headquartered in Genas, France, specializes in training related to hygiene, health, and workplace safety, with over 14 years of experience in the public health sector. D-Sécurité Groupe was acquired by Safe Life in December 2024 to expand its reach into France, one of Europe's most strategically important markets. The company was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| aliat.group | lockbit3 | Services | |||
|
ALIAT is a Vietnam-based services company centered on legal practice and business support, with offices in Ho Chi Minh City and Hanoi. Its work includes corporate legal services, intellectual property, regulatory matters, litigation, and related advisory support for companies and individuals. The firm describes itself as part of the ALIAT ecosystem of companies offering full legal services and business-support services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| southamptoncounty.org | lockbit3 | Public Sector | |||
|
Southampton County is a public sector local government entity in Courtland, Virginia, serving residents through county administration and public information services. Its official county presence provides contact details, government updates, and citizen-facing resources for Southampton County and nearby communities. The domain southamptoncounty.org identifies the county’s civic website and communications hub. It was listed as a ransomware victim associated with LockBit3. |
|||||
| makler.com.ve | Venezuela, Bolivarian Republic of | lockbit3 | Other | ||
|
makler.com.ve is the online presence of Grupo MAKLER, a Caracas-based Venezuelan insurance brokerage with more than 28 years of experience in the local insurance market. The company offers brokerage services for property, surety bonds, auto, and personal insurance, serving clients from its office in Los Ruices, Caracas. Public business listings identify it as part of Venezuela’s insurance sector and place it in Caracas, Miranda, VE. It was listed as a ransomware victim associated with lockbit3. |
|||||
| independence.com.co | Colombia | lockbit3 | Other | ||
|
Independence.com.co is the website of Independence S.A., a Colombian company based in Bogotá. The company provides oilfield and well-drilling services for the oil and gas sector, including drilling, workover, maintenance, and completion of wells, and also offers related mining drilling services in Colombia and Ecuador. Its public materials describe it as a long-established provider with decades of experience in petroleum services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| cnachile.cl | Chile | lockbit3 | Other | ||
|
cnachile.cl is the website of Chile’s Comisión Nacional de Acreditación (CNA), based in Santiago, Chile. The commission oversees accreditation and quality assurance for autonomous universities, professional institutes, and technical training institutions, and it publishes official notices and public reports. Its online presence also provides contact details and institutional information for stakeholders in the higher-education system. The domain was listed as a ransomware victim associated with lockbit3. |
|||||
| markherder.com | lockbit3 | Other | |||
|
Markherder.com is the website of Mark Albert Herder, LLC, a Columbus, Ohio law firm that presents itself as a debt-relief agency and bankruptcy practice. Its services include Chapter 7 and Chapter 13 bankruptcy representation, foreclosure-related matters, and related family-law and DUI services. The firm lists its office at 1031 East Broad Street in Columbus and serves clients from that location. It was listed as a ransomware victim associated with LockBit3. |
|||||
| inspecshawaii.com | lockbit3 | Other | |||
|
inspecshawaii.com appears to be a Hawaii-based business in the Other sector, operating in the United States. Based on its domain name, it is associated with inspection-related services, though public search results do not provide a fuller official company profile. As a catalog entry, it is treated as a non-publicly identified organization in the broader services category. The site was listed as a ransomware victim associated with lockbit3. |
|||||
| MR. WONDERFUL | sparta | Other | |||
|
MR. WONDERFUL is the public persona of Kevin O’Leary, a Canadian investor, entrepreneur, and television personality best known for Shark Tank. He operates in the broader business and media sphere and is associated with investment activity, not a traditional operating sector. Public sources describe him as a private-company investor based in Canada, with a profile built around business deals and consumer-facing brands. It was listed as a ransomware victim associated with sparta. |
|||||
| AUTO88 | sparta | Other | |||
|
AUTO88 is a Philippine automotive business that markets luxury seat and interior conversion kits and automotive leather seat upholstery. Public business pages place it in Silang, Cavite, at Lot 13 Block 5, Cavite Light Industrial Park, and describe it as a provider of vehicle interior products and related services. In a separate company listing context, AUTO88 has also been associated with motor-vehicle maintenance activity and the broader automotive sector. It was listed as a ransomware victim associated with sparta. |
|||||
| FONT PACKAGING | sparta | Other | |||
|
Font Packaging is an entity operating in the Other sector, with no specific location or detailed offerings publicly documented beyond its name. The organization provides services or products within a broad, undefined category that falls outside standard industry classifications. It was listed as a ransomware victim associated with the Sparta threat actor, which first emerged in September 2022 and primarily targets businesses in Spain across information technology, manufacturing, insurance, and retail industries. |
|||||
| DYNAM JAPAN HOLDINGS CO., LTD | cheers | Services | |||
|
DYNAM JAPAN HOLDINGS CO., LTD is a Japan-based services company and investment holding company headquartered in Tokyo. It operates pachinko and pachislot halls, described as one of Japan’s largest pachinko chains, and also offers related services such as insurance, cleaning, food and drink, real estate, and aircraft leasing. The company’s business profile centers on amusement hall operations and supporting services in Japan. It was listed as a ransomware victim associated with cheers. |
|||||
| ville-faulquemont.fr | France | lockbit3 | Other | ||
|
ville-faulquemont.fr is the official website of the commune of Faulquemont, a French municipality in Moselle, Grand Est, with town-hall contact details and local public-service information. The site publishes municipal access, office hours, and practical information for residents and visitors, reflecting the commune’s administrative role. It also appears to host local service pages and city-map content for civic use. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| thezincgroup.com | lockbit3 | Services | |||
|
TheZincGroup.com belongs to Zinc Group Limited, a UK-based services company focused on credit management, recoveries, and business process outsourcing. Company directory listings describe its offerings as business process outsourcing, call centre support, credit control, debt collection, field visits, and liquidation book debt recovery. Public business records place the company in Stratford-upon-Avon, Warwickshire, with additional presence in Glasgow, Scotland. It was listed as a ransomware victim associated with lockbit3. |
|||||
| taxprepandmore.com | lockbit3 | Communication / Marketing | |||
|
taxprepandmore.com is the website of Tax Prep And More, a Texas-based firm that provides tax preparation, bookkeeping, business tax planning, financial planning, and related services. Its published contact pages list offices in Carrollton, Plano, and Flower Mound, Texas, and describe the company as helping clients with tax and financial needs. The site also presents services such as translations and notary support alongside accounting-related offerings. It was listed as a ransomware victim associated with lockbit3. |
|||||
| tapcocu.org | lockbit3 | Other | |||
|
tapcocu.org is the website of TAPCO Credit Union, a Washington-based financial institution serving personal and business banking customers. Its offerings include checking and savings accounts, credit cards, auto loans, personal loans, online banking, and branch services in Tacoma and Pierce County. The credit union says it has served Washington State since 1934 and supports account, loan, and digital banking needs. It was listed as a ransomware victim associated with lockbit3. |
|||||
| sva-avignon.concession-landrover.fr | lockbit3 | Other | |||
|
sva-avignon.concession-landrover.fr operates as an automotive repair and vehicle service shop located in Avignon, France, offering maintenance, repairs, and related services for Land Rover vehicles. The business functions within the automotive sector, providing professional support for new and used vehicles, including routine upkeep and specialized repairs. It was listed as a ransomware victim associated with the LockBit3 threat actor, with no further confirmed details about the incident disclosed publicly. |
|||||
| sarassure.fr | France | lockbit3 | Other | ||
|
sarassure.fr is the website of SARA'SSURE, an independent insurance brokerage in Bourgoin-Jallieu, France. The firm says it provides insurance intermediation and advice for individuals and professionals, including auto, moto, home, health, life, collections, and professional cover. Public business records classify it under insurance agents and brokers. It was listed as a ransomware victim associated with lockbit3. |
|||||
| quintal.com.co | Colombia | lockbit3 | Other | ||
|
Quintal.com.co is a Colombia-based company headquartered in Barranquilla that manufactures and distributes chemical products. Its website says it supports agriculture, construction, metallurgy and energy with manganese-based chemicals and related industrial supplies. The company also offers products for agrochemicals, batteries, ceramic colorants, steel and foundry operations. The listing records quintal.com.co as a ransomware victim associated with lockbit3. |
|||||
| pays-colombey-sudtoulois.fr | France | lockbit3 | Other | ||
|
Pays de Colombey et du Sud Toulois is a communauté de communes based in Colombey-les-Belles, Meurthe-et-Moselle, France. Its official site and public directories identify it as an intercommunal public body that provides local administrative services and manages territorial responsibilities. The organization lists core functions such as spatial planning, economic development, and other community services, and it also publishes contact details, job openings, and service information for residents and partners. It was listed as a ransomware victim associated with lockbit3. |
|||||
| mj-donnais.fr | France | lockbit3 | Other | ||
|
mj-donnais.fr is the website of Maître Géraldine Donnais, a French mandataire judiciaire based in Nancy, in the Grand Est region. The site serves employees, company directors, creditors, and magistrates with information on insolvency and collective proceedings, claims, and assets for sale. Its content is focused on procedure management and case-related guidance rather than consumer products. It was listed as a ransomware victim associated with lockbit3. |
|||||
| maleosante.fr | France | lockbit3 | Other | ||
|
maleosante.fr appears to be a French healthcare-related website associated with the health sector in France, based on its naming and context. The domain is linked to the broader “santé” ecosystem, which in France commonly covers medical and care services, digital health, or related professional offerings. Publicly available search results do not clearly identify the exact organization behind the site or its specific services. It was listed as a ransomware victim associated with lockbit3. |
|||||
| maisonloisy.fr | France | lockbit3 | Other | ||
|
Maisonloisy.fr belongs to Maison Loisy, also known as Société Vosgienne de Conserves, a food-processing company based in Châtenois, Vosges, France. Founded in 1982, it produces fruit preserves, fruit purées, and related canned products for pastry, foodservice, collective catering, and industrial customers. The company’s brands include La Vosgienne and Maison Loisy, reflecting its role in the regional conserve sector. It was listed as a ransomware victim associated with lockbit3. |
|||||
| mackenzie-law.co.uk | United Kingdom | lockbit3 | Finance / Legal / Insurance | ||
|
mackenzie-law.co.uk is The MacKenzie Law Practice, a UK legal services firm based in Great Britain. Its website says the firm assists clients with family law, civil and commercial litigation, landlord and tenant issues, personal injury, and road traffic matters. The practice serves individuals and businesses seeking specialist legal support across these areas. It was listed as a ransomware victim associated with LockBit3. |
|||||
| lagence33.com | lockbit3 | Other | |||
|
lagence33.com is the website of L'Agence 33, a French real estate agency serving Bordeaux, Mérignac, and nearby areas in Gironde. Its site presents property listings and services for houses, apartments, land, and other residential transactions. The company also shares market news and contact information for clients looking to buy or sell property. It was listed as a ransomware victim associated with lockbit3. |
|||||
| kwp.at | Austria | lockbit3 | Other | ||
|
kwp.at is an Austrian website in the broad “Other” sector, suggesting a business or organization that does not fit a narrower industry category. Public web results do not clearly identify its exact offerings, so its activities should be treated generically from the domain name and sector label alone. In threat-intelligence indexing, the entity is cataloged for monitoring and contextual reference rather than as proof of a confirmed compromise. It was listed as a ransomware victim associated with lockbit3. |
|||||
| kcgreenholdings.com | lockbit3 | Other | |||
|
KC Green Holdings Co., Ltd. is a South Korea-based environmental and industrial company headquartered in Seoul. It operates in environmental engineering, environmental services, office environment, industrial waste treatment, resource recycling, and renewable energy. The company presents itself as a green environmental business with a specialized portfolio spanning circular economy and energy activities. It was listed as a ransomware victim associated with LockBit3. |
|||||
| jt-engineering.com | lockbit3 | Manufacturing / Engineering | |||
|
jt-engineering.com belongs to JT Engineering, a civil engineering firm that provides transportation and civil engineering solutions for public, private, industrial, institutional, and governmental clients. Its online profile places the company in Wisconsin, with offices in areas including Hobart, Green Bay, Eau Claire, and Milwaukee. The firm presents itself as serving projects of varied scale and complexity across the engineering and construction lifecycle. jt-engineering.com was listed as a ransomware victim associated with lockbit3. |
|||||
| euromip.fr | France | lockbit3 | Other | ||
|
Euromip is a French company established in December 1990, headquartered in Velizy Villacoublay, specializing in the trade and distribution of electronic components for critical applications. The firm offers expertise from design phases to obsolescence management, serving clients across France, the EU, and overseas territories with electronic solutions and components. Euromip also provides personalized textiles, badges, and goodies under its Euro MIP brand, emphasizing premium quality and rapid delivery. The company was listed as a ransomware victim associated with the threat actor LockBit3, with no confirmed details on stolen data or breach specifics. |
|||||
| euro-modules.fr | France | lockbit3 | Other | ||
|
Euro Modules is a French company based in Faulquemont, Grand Est, that specializes in custom modular construction for industry and related professional uses. Its work includes designing and manufacturing industrialized modular buildings tailored to client requirements and project needs. Company materials describe it as a longstanding modular-space specialist operating from Lorraine in northeastern France. It was listed as a ransomware victim associated with lockbit3. |
|||||
| daune.org | lockbit3 | Other | |||
|
daune.org is a Belgian web domain associated with MAKE IT DAUNE BV, an ICT services company based in Limal, Belgium. Public business records place it in the Other sector, with activity centered on information technology services, consulting, and software. As a commercial organization, it operates in the digital services field rather than as a public institution or nonprofit. It was listed as a ransomware victim associated with lockbit3. |
|||||
| cultivar.net | lockbit3 | Other | |||
|
Cultivar.net is the website of Cultivar S.A.U., a Spain-based company in the food distribution sector. It operates from Barcelona and maintains offices and distribution points across Spain, including Madrid, Sevilla and Basauri. Company materials describe Cultivar as a long-established supplier of fresh fruit and vegetables, with a focus on imported and specialty produce. It was listed as a ransomware victim associated with LockBit3. |
|||||
| cmb-artimmo.com | lockbit3 | Other | |||
|
cmb-artimmo.com, known as ARTIMMO, is a real estate agency headquartered in Paris, Île-de-France, France, specializing in property rental services including lease estimation, valuation, targeted diffusion, and rigorous tenant selection. The company operates under the name Cabinet Maurice Burger and manages residential listings across Paris and surrounding areas such as Neuilly-sur-Seine and Saint-Mandé. It serves clients seeking to rent or lease properties in the Île-de-France region with professional real estate support. The entity was listed as a ransomware victim associated with the threat actor LockBit3. |
|||||
| cityofbartlett.org | lockbit3 | Hospitality / Food & Beverage / Tourism | |||
|
cityofbartlett.org is the official website of the City of Bartlett, Tennessee, a municipal government in the Memphis metropolitan area. The site provides city information, department contacts, public services, utility billing, payments, and access to facilities such as parks, the Bartlett Performing Arts and Conference Center, and community centers. Its departments include police, fire, public works, planning, finance, and economic development. It was listed as a ransomware victim associated with lockbit3. |
|||||
| camdomain.com | lockbit3 | Other | |||
|
camdomain.com operates within the visual arts sector, specializing in photography, videography, and live streaming offerings for creators and professionals globally. The entity provides online platforms tailored to visual content creation, enabling individuals and businesses to showcase work and connect with enthusiasts in the creative industry. As a domain extension focused on camera-related content, it serves the photography and videography industries with distinct digital presence solutions. camdomain.com was listed as a ransomware victim associated with LockBit3. |
|||||
| artdis.fr | France | lockbit3 | Other | ||
|
artdis.fr appears to be a France-based organization in the Other sector; the name suggests a business operating under the Artdis brand, but the available records do not provide a verified public description of its offerings. As a listed entity in a threat-intelligence context, it is indexed for cybersecurity monitoring rather than as a source of operational details. The record places it in France and categorizes it under Other for sector classification. It was listed as a ransomware victim associated with lockbit3. |
|||||
| aipcenergy.com | lockbit3 | Energy | |||
|
AIPC Energy is a Texas-based energy services company serving the oil and gas industry from offices in San Antonio and Houston. Its site describes divisions that provide mud engineers, solids control specialists, drilling and pipeline engineering, petrochemical support, and safety consulting. The company presents itself as a provider of qualified technical professionals for O&G projects across related disciplines. It was listed as a ransomware victim associated with lockbit3. |
|||||
| idealtridon.com | lockbit3 | Other | |||
|
Ideal Tridon is a U.S.-based manufacturing company headquartered in Smyrna, Tennessee, that makes engineered fastening, clamping, and connection solutions for pipes, tubes, hoses, and related industrial systems. Its website describes a family of brands supporting, securing, and connecting the movement of air, fluid, and electricity in critical applications, with a blog and product resources for customers. The company also states it has evolved from a global clamp manufacturer into a diversified supplier of engineered components. Idealtridon.com was listed as a ransomware victim associated with lockbit3. |
|||||
| Spa | bianlian | Other | |||
|
Spa is a wellness-services business category in the United States that typically includes day, hotel, resort, and medical spas. These businesses commonly offer massage and bodywork, skincare treatments, salon services, and other relaxation or beauty-oriented care. Industry definitions also note that a spa may provide at least two core services such as massage, facials, or body treatments. In this listing, Spa was identified as a ransomware victim associated with bianlian. |
|||||
| Gallery Hotels | sparta | Hospitality / Food & Beverage / Tourism | |||
|
Gallery Hotels is a hospitality group based in Spain that operates hotels for leisure and business travelers, with properties positioned in major urban and resort markets. Its offerings typically include guest accommodation, dining, and event services within the wider hospitality, food and beverage, and tourism sectors. The brand name is also used in the context of hotel environments that emphasize curated guest experiences and service-led stays. Gallery Hotels was listed as a ransomware victim associated with sparta. |
|||||
| Auto88 | sparta | Other | |||
|
Auto88 is a Catalonia, Spain-based automotive business that operates as a multi-brand dealership within the Stellantis group. It offers vehicle sales, leasing, and maintenance services for private and corporate customers, and is described as a leading seller of Fiat–Jeep Group vehicles in Catalonia. The company has also been described in business records as active in motor-vehicle maintenance and repair. Auto88 was listed as a ransomware victim associated with sparta. |
|||||
| Font Packaging | sparta | Other | |||
|
Font Packaging appears in ransomware-victim tracking as an organization in the Other sector. Publicly available threat-intelligence records identify it as Font Packaging and place the company in Spain, but they do not provide a detailed corporate profile or describe its offerings. Sparta is a ransomware/extortion group associated with this listing, which was first recorded by ransomware.live in September 2022. Font Packaging was listed as a ransomware victim associated with sparta. |
|||||
| Ferrer&Ojeda | Spain | sparta | Other | ||
|
ferrerojeda.com operates as a leading reference group in Spain specializing in the management of residential homes, care centers, and social health facilities for the elderly. Based on the Costa Blanca, the organization also provides services in tourism, leisure, hotels, credit management, and international program design across over 130 countries. Its offerings include specialized insurance solutions for industrial facilities and tailored programs for the education and culture sectors. The company was listed as a ransomware victim associated with sparta. |
|||||
| Tema Litoclean Group | sparta | Services | |||
|
Tema Litoclean Group is a services company in Ecuador focused on environmental and safety consulting, engineering, energy projects, industrial safety, and related sustainability work. Public company profiles and corporate materials describe it as part of the Tema/Litoclean group with headquarters in Quito and activity across sectors such as oil and gas, chemistry, mining, and infrastructure. The firm also presents itself as a specialist in process safety and environmental management for industrial clients. It was listed as a ransomware victim associated with sparta. |
|||||
| Grupo Galilea | sparta | Other | |||
|
Grupo Galilea is a Spain-based insurance brokerage firm with offices in Barcelona, Madrid and other Spanish cities. Its website says it provides insurance brokerage, risk management and support for both individuals and businesses. Company listings also place it in the financial intermediation sector. The organization was listed as a ransomware victim associated with sparta. |
|||||
| Fundació Sant Francesc d'Assís | sparta | Other | |||
|
Fundació Sant Francesc d'Assís is a private, nonprofit foundation based in Alella, Barcelona, Spain. It provides care and support for people in situations of dependency, including older adults, people with intellectual disabilities, and those living with illness. The organization operates in the healthcare and social assistance sector and has served this field since 1977. It was listed as a ransomware victim associated with sparta. |
|||||
| INDIBA | Spain | sparta | Other | ||
|
indiba.com belongs to INDIBA Group, a Spanish medtech company based in Sant Quirze del Vallès, Barcelona, Spain. The company develops radiofrequency and laser-based devices and regenerative medicine solutions for aesthetics, rehabilitation, sports, intimate health, veterinary, and pharma uses. INDIBA describes itself as a global leader in health and wellness technology with more than 40 years of experience. It was listed as a ransomware victim associated with sparta. |
|||||
| RIVISA | sparta | Other | |||
|
RIVISA is a Spanish company based in Lliçà de Vall, Barcelona, with its production center in Santa Margarida de Montbui. It manufactures fabricated metal products, including fencing, gates, and other security and residential metal solutions, serving commercial and industrial customers. Company materials also describe central offices in the Barcelona area and additional branches. It was listed as a ransomware victim associated with sparta. |
|||||
| RABAT | sparta | Other | |||
|
RABAT is a sector-Other entity associated with the city of Rabat, Morocco, where the name is used by businesses and organizations across different industries. Public records in the available search results do not identify a single verified operating profile for this listing, so its offerings cannot be stated with confidence. The name itself suggests a Rabat-based organization or brand operating in a general commercial context. It was listed as a ransomware victim associated with sparta. |
|||||
| COMSA CORPORATION | sparta | Services | |||
|
COMSA CORPORATION is a Spanish group headquartered in Barcelona that operates in infrastructure development, engineering, services, technology, concessions, and renewable energy. Founded in 1891, it delivers projects and related services across transport, industrial, and other infrastructure segments. Its public company profile describes a broad services and engineering business with a long operating history. It was listed as a ransomware victim associated with sparta. |
|||||
| SERCOM | sparta | Other | |||
|
SERCOMM is a Taiwan-based telecommunications and networking equipment company headquartered in Taipei, with operations and sales centers across North America, Europe, and Asia. It develops and supplies broadband and telecom solutions, including equipment for service providers and connected devices. The company also operates manufacturing capacity in Mexico to support global production and distribution. It was listed as a ransomware victim associated with sparta. |
|||||
| groupg4.com | redalert | Services | |||
|
groupg4.com is the digital presence of G4 Group, a multidisciplinary architecture and engineering studio headquartered in Barcelona, Spain, with offices in Madrid, Turin, Paris, and Dubai. The firm specializes in architecture, building engineering services, and project consultancy, offering site management, permit handling, quality control, audits, and financial oversight for diverse clients. With over 20 years of experience, G4 Group serves local businesses and international corporations by adapting its design and engineering expertise to each unique project. The company was listed as a ransomware victim associated with the threat actor redalert, marking its inclusion in threat-intelligence records as an affected entity in the Services sector. |
|||||
| bakkerheftrucks.com | lockbit3 | Other | |||
|
bakkerheftrucks.com is the website of Bakker Heftrucks B.V., based in Purmerend, North Holland, Netherlands. The company sells, rents, and services internal transport equipment, including forklifts and related material-handling solutions. Its catalog and product pages indicate a focus on warehouse and industrial logistics equipment. In a threat-intelligence listing, bakkerheftrucks.com was identified as a ransomware victim associated with LockBit3. |
|||||
| bakkerheftrucks.local | lockbit3 | Other | |||
|
Bakker Heftrucks B.V. is a Purmerend, Netherlands-based company in the Other sector that sells, rents, and services internal transport equipment, including forklifts and warehouse trucks. Company and dealer listings place it at Flevostraat 263 in Purmerend and describe it as an importer and dealer for material-handling solutions. Public business profiles also note its work with warehouse and transport equipment. It was listed as a ransomware victim associated with lockbit3. |
|||||
| OakBend Medical (USA) | United States | daixin | Healthcare / Pharma | ||
|
medicine.oakbend refers to OakBend Medical Center, a nonprofit healthcare system serving Fort Bend County in the Greater Houston area of Texas, United States. It operates hospital campuses and outpatient locations in Richmond, Sugar Land, Houston, and Wharton, and offers services ranging from family practice and primary care to cardiology, orthopedics, geriatrics, surgery, and related specialty care. OakBend Medical Group describes itself as a multispecialty physician group supporting inpatient and outpatient needs across the region. It was listed as a ransomware victim associated with daixin. |
|||||
| OakBend Medical | United States | daixin | Healthcare / Pharma | ||
|
OakBend Medical is passionately focused on patient-centered medicine. OakBend Medical Center: 450 Physicians on staff; 1,200+ Employees; 274 Beds; 50+ Locations; 8,500 Annual inpatients; 100,000 Annual outpatients; 40,000 Annual Emergency Room visits |
|||||
| omegaservices.com.au | Australia | lockbit3 | Energy | ||
|
Omega Services operates in Australia’s energy and building-services space, serving Sydney and surrounding NSW from Norwest. Its site says it has provided plumbing, electrical, air conditioning, heating, hot water and drain services for more than 30 years. The company presents itself as a local service provider for residential and related trade work. It was listed as a ransomware victim associated with LockBit3. |
|||||
| TAP AIR PORTUGAL - 115k personal data leak | ragnarlocker | Other | |||
|
TAP Air Portugal is Portugal's flag carrier airline operating in the aviation sector, offering domestic and international passenger flights from its Lisbon hub. The airline serves travelers across Europe, Africa, and the Americas with scheduled and charter flight services. In late August 2022, the company reported a cyberattack that compromised sensitive personal information of an undisclosed number of passengers. The affected data was later posted to the dark web by the Ragnar Locker ransomware group. TAP Air Portugal was listed as a ransomware victim associated with Ragnar Locker. |
|||||
| frigobandeira.com | lockbit3 | Other | |||
|
Frigobandeira.com belongs to Frigoríficos Bandeira S.L., a Spanish meat-sector company founded in 1984 and based in Madrid. The company says it is dedicated to the slaughter and cutting of cattle, with a focus on Galician beef and product selection. Its site presents information on its team, products, and company news for customers and sector partners. The entity was listed as a ransomware victim associated with lockbit3. |
|||||
| ch-sf.fr | France | lockbit3 | Other | ||
|
Centre Hospitalier Sud Francilien (CHSF) is a public hospital located in Corbeil-Essonnes, Essonne, France, providing healthcare services to approximately 600,000 residents in the southern Île-de-France region. The facility operates 1,000 beds and offers comprehensive medical care and training for healthcare professionals. CHSF ensures healthcare coverage for the greater suburbs and supports initial and continuing education for health professionals. The hospital was listed as a ransomware victim associated with LockBit3, following a cyber-attack with a ransom demand. |
|||||
| ch-sf.fr (old) | lockbit3 | Other | |||
|
ch-sf.fr (old) refers to an organization associated with San Francisco, California, in the United States, with the sector classified as Other. The name suggests a French-language web presence, but the available record does not identify a specific commercial offering or public-facing business line. In threat-intelligence catalogs, it is treated as a victim entry for entity-level tracking and correlation. It was listed as a ransomware victim associated with lockbit3. |
|||||
| hamiota.com | lockbit3 | Other | |||
|
hamiota.com is the official website of Hamiota Municipality, an unincorporated urban community in Western Manitoba, Canada, with a strong agricultural base supplemented by medical, educational, financial, retail, and tourism sectors. The municipality offers services including economic development coordination, fibre-optic internet packages, and access to a thriving local business directory. Hamiota has experienced continued growth for over 25 years, with agriculture, healthcare, and education serving as major employers. The site was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| canadiansolar.com | lockbit3 | Energy | |||
|
Canadian Solar Inc. is a Canadian renewable energy company headquartered in Kitchener, Ontario, and founded in 2001. It develops, manufactures, and supplies solar modules, inverter and energy storage systems, and also develops utility-scale solar and battery projects. The company operates globally across multiple regions and serves the solar and energy storage market. It was listed as a ransomware victim associated with LockBit3. |
|||||
| aralaw.cr | lockbit3 | Finance / Legal / Insurance | |||
|
Aralaw.cr is a Costa Rican entity operating within the Finance, Legal, and Insurance sectors, providing specialized legal expertise to financial institutions. The organization delivers comprehensive legal representation and advisory services tailored to the needs of the financial service industry. As a national leader, it offers over two decades of experience in legal matters affecting financial markets. Aralaw.cr was listed as a ransomware victim associated with the LockBit3 threat actor. |
|||||
| Davin Industries Ltd | New Zealand | blackbyte | Manufacturing / Engineering | ||
|
Davin Industries is a Christchurch, New Zealand manufacturer specializing in precision sheetmetal fabrication and contract batch manufacturing. The company says it combines production technology and craftsmanship to deliver work from prototypes through to volume production runs, with a contact base in Bromley and flue sales handled from Christchurch. Its website presents it as an industrial supplier serving manufacturing and engineering needs in New Zealand. It was listed as a ransomware victim associated with blackbyte. |
|||||
| TIB Development Bank | Tanzania, United Republic of | blackbyte | Finance / Legal / Insurance | ||
|
TIB Development Bank, operating at tib.co.tz, is a Tanzanian government-owned development finance institution headquartered in Dar es Salaam. It provides financing products and related services for business and project funding, with a focus on sectors such as infrastructure, agriculture, and manufacturing. Public materials also show loan-application requirements and term-loan services for corporate borrowers. It was listed as a ransomware victim associated with BlackByte. |
|||||