All Ransomware Records

www.vectorinf.c... appears to refer to a U.S.-based web property in the Other sector; the available search results do not provide enough verified public detail to describe its specific offerings with confidence. In threat-intelligence indexing, such entities are typically cataloged by their web presence and sector when a fuller company profile is not publicly established. The listing was recorded as a ransomware victim associated with lockbit2.

Cargo Experts Ltd operates in freight forwarding, logistics, and warehousing, offering supply chain solutions through offices in Cyprus, Greece, and Romania. Its website describes the company as a provider of freight forwarding and logistics services, with contact details in Strovolos, Nicosia, and additional locations in Athens and Constanța. The company appears in the transportation and travel logistics segment and serves international shipping and distribution needs. It was listed as a ransomware victim associated with lockbit2.

Goto Kaisoten Ltd. is a comprehensive logistics operator headquartered in Kobe, Japan, specializing in port transportation services, customs brokerage, and freight forwarding. Founded in 1877, the company offers end-to-end support for transport, storage, and international multimodal logistics across ocean, air, and inland routes. Its business activities include warehousing, coastal shipping, worker dispatch services, and sales of marine containers and timber. The company operates a network of domestic and international locations, including offices in Taiwan and Hong Kong, to facilitate global intermodal transportation. Goto Kaisoten Ltd. was listed as a ransomware victim associated with the LockBit2 threat actor.

CAPECODRTA - HACKED AND DATA LEAKED appears to refer to the Cape Cod Regional Transit Authority, a public transit agency serving Cape Cod with regional bus and related rider information services in Massachusetts, United States. Public posts and coverage indicate it experienced ransomware-related disruption to website publishing and transit operations materials. The entity is categorized in the Other sector and is associated with a ransomware victim listing. It was listed as a ransomware victim associated with lv.

Palermo is the capital of Sicily and a city in southern Italy known for its historic port, urban commerce, tourism, and service industries. It also serves as a regional center for agriculture and other local economic activity. In broader location-based indexing, Palermo is used as a geographic entity rather than a company profile. It was listed as a ransomware victim associated with vicesociety.

virtus- is an entity in the Other sector, and available sources do not provide a reliable public profile for its location or offerings. In threat-intelligence records, the name appears as a victim entry rather than as a full corporate description, so only limited factual context can be confirmed from public data. It is therefore best described conservatively as an otherwise unspecified organization in the Other sector. It was listed as a ransomware victim associated with lockbit2.

Goodman Campbell Brain & Spine is a US health care provider based in Indiana, with locations in Carmel, Greenwood, Indianapolis and other communities. It offers neurosurgical, spine and neurological care, including adult neurosurgery outpatient clinics, pain management and related specialty services. The organization describes itself as a leader in brain and spine care and a center for neurosurgery training and clinical research. It was listed as a ransomware victim associated with Hive.

English Construction Company, Inc. is a fourth-generation family-owned construction firm based in Lynchburg, Virginia, serving governmental, institutional, industrial, and infrastructure clients throughout the Mid-Atlantic. Founded in 1909, it provides general contracting and related construction services across projects such as roads, bridges, water and wastewater facilities, power plants, factories, and historic renovations. The company’s public contact listing places it at 615 Church Street in Lynchburg, VA. It was listed as a ransomware victim associated with blackbasta.

Losberger De Boer is a Netherlands-based company that provides temporary and permanent space solutions, including tents, halls, modular buildings, and other structures for events and business use. The group operates internationally and lists offices in the Netherlands and Germany, with offerings spanning commercial, public, military, and event applications. In threat-intelligence listings, Losberger De Boer appears as a ransomware victim associated with blackbasta.

Alliance Steel is a steel service center headquartered in Gary, Indiana, serving manufacturing and engineering customers from Northwest Indiana. The company supplies flat-rolled steel sheet and coil processing, including slitting, blanking, stretcher leveling, cold reduction, and laser-cut parts. Public company listings also show operations in Atlanta and Memphis. It was listed as a ransomware victim associated with Conti.

Equis Development Pte. Ltd. is a Singapore-based infrastructure and energy development company with offices across Asia-Pacific, including Australia, Japan, South Korea and Singapore. The company focuses on the development, construction, ownership and operation of energy assets, including renewable and hybrid systems, and has also described bioenergy and broader infrastructure investment activity. Its site and related company materials indicate work across the project lifecycle from development through operation. It was listed as a ransomware victim associated with lockbit2.

GPML Group is a small construction company based in Wilmington, Kent, England, with 11-50 employees and a focus on construction services. Its public company profile identifies it as operating in the construction sector and using the GPMLGroup.co.uk website. In threat-intelligence indexes, GPML is referenced as a ransomware victim tied to the LockBit2 ecosystem.

equ is a personalized nutrition app from Australia that helps users plan meals and manage weight, strength, and body composition through guided dietary tools. Its service emphasizes sustainable nutrition support and macro-friendly recipes for everyday use. The company is associated with the Other sector and operates as a consumer health and wellness platform. It was listed as a ransomware victim associated with lockbit2.

VTVCAB appears to be an organization in the Other sector, but the available sources do not provide enough reliable public detail to confirm its location or business offerings. In threat-intelligence listings, such entities are typically identified by name and sector when public corporate information is limited. Everest is a ransomware group active since at least 2020 and known for double-extortion activity across multiple industries and regions. VTVCAB was listed as a ransomware victim associated with everest.

Mandiant is a leading cybersecurity company headquartered in Mountain View, California, offering incident response, threat intelligence services, and cyber risk management to enterprises and governments worldwide. As part of Google Cloud, Mandiant delivers frontline expert support for incident response and continuous monitoring through its managed services, empowering security teams to stay ahead of cyber threats. The company is recognized globally by enterprises, governments, and law enforcement agencies as the market leader in threat intelligence and expertise. Mandiant was listed as a ransomware victim associated with LockBit2.

kan is a company in the Other sector; publicly available business details on its specific offerings and location are limited in the provided sources. Threat-intelligence listings use the name to index a ransomware-victim record tied to broader LockBit activity, a ransomware-as-a-service ecosystem active since 2021. LockBit 2.0 is the second major iteration of the group’s ransomware platform and has been associated with widespread extortion campaigns against organizations across many industries. kan was listed as a ransomware victim associated with lockbit2.

sesver.gob.mx is the official health system of the state of Veracruz, Mexico, operating under the Secretaría de Salud de Veracruz. Located in Xalapa, Veracruz, it manages public health services, including vaccination programs and hospital infrastructure across 839 primary care units and 58 hospitals. The system has invested over 49 million pesos to ensure vaccine access for all municipalities, reaching more than 13 million doses. sesver.gob.mx was listed as a ransomware victim associated with the LockBit2 threat actor in a cyberattack targeting Mexico's health sector.

PT Patra Logistik is an Indonesian logistics company in the energy supply chain, based in Jakarta Selatan, Jakarta. Its website describes the business as operating in upstream and downstream oil and gas logistics, with a focus on logistics services and related support services. Public profiles also describe it as supporting sustainable energy distribution across Indonesia. The entity was listed as a ransomware victim associated with lockbit2.

Linmark is a Hong Kong-based supply chain and sourcing company headquartered in Kowloon Bay, with operations centered on apparel and related product development, sourcing, merchandising, logistics, and quality control. The company describes itself as a supply chain partner that supports design, product development, sourcing, and execution across an international network. Its business profile also identifies it as a manufacturing-oriented firm serving global markets from Hong Kong. It was listed as a ransomware victim associated with LockBit2.

hyatts.com belongs to Hyatt Hotels Corporation, a global hospitality company headquartered in Chicago, Illinois, with operations in the United States and internationally. Hyatt develops, manages, franchises, and operates hotels and resorts across multiple brands and market segments. Founded in 1957 near Los Angeles International Airport, the company is known for its hospitality and lodging services. It was listed as a ransomware victim associated with lockbit2.

IBRCN.COM is a United States-based organization in the Other sector, though its public-facing business description is not readily established from available sources. As a domain-based listing, it may represent a company, service, or institutional site rather than a clearly classified industry operator. The threat-intelligence record associates IBRCN.COM with a ransomware victim listing tied to lockbit2.

kansashighwaypa... is an Other-sector organization in the United States, identified in a ransomware victim listing rather than a detailed company profile. Public search results do not provide enough verified context to describe its offerings, so the entity is best treated as a named organization associated with a threat-intelligence record. The listing places it in the ransomware-victim category monitored by the index. It was listed as a ransomware victim associated with lockbit2.

bestattung-walz... appears to be a funeral-services business in Germany, likely operating as a local bestattung or bestattungsinstitut that supports families with burial arrangements, funeral planning, and related care. Public web results for similar businesses show this sector typically offers personal consultation, 24-hour availability, and assistance with arrangements in the surrounding region. The listing is categorized in the Other sector, and it was listed as a ransomware victim associated with lockbit2.

vainieritraspor... is an Other-sector entity whose public-facing business details are not clearly established in the available records. No reliable web results identify a confirmed country, core offering, or operating profile, so it should be treated as an unidentified organization for cataloging purposes. In threat-intelligence indexing, it appears as a ransomware victim entry tied to the LockBit2 actor set. The listing places vainieritraspor... in the Other sector and associates it neutrally with lockbit2.

Rosa Group is a Services-sector business based in Italy. The company says it focuses on exclusive tourism, emphasizing service, hospitality, attention to detail, and empathy. It also states that it began in construction before diversifying into premium tourism. In this index, rosagroup is listed as a ransomware victim associated with lockbit2.

SilTerra Malaysia Sdn. Bhd. is a semiconductor and electronic component manufacturer headquartered in Kulim, Kedah, Malaysia. The company operates within the Kulim Hi-Tech Park, a leading high-technology industrial zone in northern Malaysia. It provides wafer fabrication and related semiconductor offerings to clients in Taiwan and Malaysia. SilTerra was listed as a ransomware victim associated with lv following a security incident involving leaked data and NDA breach.

wik-group.com is the digital presence of WIK Group, a Hong Kong-headquartered company in the services sector specializing in the design, production, and distribution of electrical household appliances. The firm operates globally, serving leading brands with offerings including kitchen appliances, water systems, beverage systems, and coffee equipment. WIK Group functions as a contract designer and manufacturer for industry-leading global brands, with facilities in Hong Kong, China, and Indonesia. The company was listed as a ransomware victim associated with the LockBit2 threat actor.

Specpharm.co.za belongs to Specpharm, a South African pharmaceutical company based in Gauteng, South Africa. The company describes itself as black-owned and empowered, with activities in the registration, sales, and marketing of high-quality medicines, and its manufacturing arm operates in pharmaceuticals. Public directory listings also describe Specpharm as focused on the development, manufacturing, and distribution of specialised medicines. The entity was listed as a ransomware victim associated with lockbit2.

ora.com is associated with ORA Group, which is headquartered in Alme', Lombardy, Italy, and presents itself as a company focused on training management, occupational medicine, safety consulting, and safety and environmental services. Public business listings also describe Ora as a customer intelligence platform for tracking, monitoring, and analyzing a company and its competitors online. The available records indicate an other-sector organization with an Italian business presence. It was listed as a ransomware victim associated with lockbit2.

Colonail.com is the website of the City of Colona, a local government in Colona, Illinois, in the United States. The city provides municipal services and public information, with office hours listed Monday through Friday from 8:00 a.m. to 4:30 p.m. Colonail.com was listed as a ransomware victim associated with lockbit2.

familyclinicbri... appears to refer to a family medicine or primary care clinic in the Healthcare / Pharma sector, serving patients with routine and preventive medical care. Publicly available clinic listings show Brio Primary Care in Greenville and Simpsonville, South Carolina, offering preventive care and chronic-condition management across multiple locations. The entity is a healthcare provider rather than a manufacturer or distributor, and its public-facing services center on outpatient primary care. It was listed as a ransomware victim associated with lockbit2.

Northeastern Technical College is a public two-year community college in Cheraw, South Carolina, serving Chesterfield, Marlboro, and Dillon counties. It operates branch campuses in Bennettsville, Dillon, and Pageland and provides college transfer, occupational, technical, and continuing-education programs. The college’s mission is to prepare the local workforce through education and training. It was listed as a ransomware victim associated with suncrypt.

Sierra Packaging Leaked is a threat-intelligence listing for a packaging company in the Other sector, reportedly operating in the United States and offering packaging-related products or services. Publicly available search results do not provide a reliable company profile for this exact name, so the description is limited to the entity label and sector. The entry is used to index a ransomware-related incident for monitoring and analysis. It was listed as a ransomware victim associated with ragnarlocker.

sport is listed in the Other sector and appears as an organization or entity name rather than a clearly identified public company. Available catalog data does not provide a verified location or a detailed public profile for this entity, so its business offerings cannot be stated beyond the listing itself. In threat-intelligence indexes, such entries are used to tag victims by sector and attribution when public disclosure is limited or unavailable. It was listed as a ransomware victim associated with lockbit2.

St Paul most commonly refers to Saint Paul, the capital of Minnesota and the county seat of Ramsey County in the United States. The city serves as a public-sector hub and houses municipal departments that support residents through services such as public safety, parks, and emergency response. In threat-intelligence catalogs, the name may also appear as an entity label when listing incident references. It was listed as a ransomware victim associated with vicesociety.

Acorn Recruitment Limited, now branded as Acorn by Synergie, is a UK staffing and recruitment agency based in Newport, Wales. It provides specialist permanent, contract and temporary recruitment solutions across the UK, serving employers and jobseekers through multiple branches and divisions. The business operates in the recruitment sector and is registered as an active private limited company in Newport. It was listed as a ransomware victim associated with vicesociety.

The De Montfort School is a co-educational secondary school and sixth form in Evesham, Worcestershire, England. It serves students in the Education sector and provides secondary and post-16 schooling. The school has also been profiled as an education employer in Evesham, United Kingdom. It was listed as a ransomware victim associated with vicesociety.

closetheloopeu.... appears to be Close The Loop EU, a Belgian company based in Malle that presents itself as part of the Close The Loop recycling group. Its website lists a Delften 23, Unit 13 address in 2390 Malle and describes recycling-related activity under the group’s circular-economy brand. Public company profiles also place the broader Close The Loop group in Melbourne, Australia, with operations across Australia, the Americas, and EMEA. It was listed as a ransomware victim associated with lockbit2.

jewelry.or appears to be a jewelry-related entity, and jewelry generally covers decorative items such as rings, necklaces, earrings, bracelets, and similar personal adornments. In industry terms, jewelry retail commonly includes the sale of new jewelry, watches, and related repair or customization services. The listing places jewelry.or in the Other sector. It was listed as a ransomware victim associated with lockbit2.

compagniedep is a French entity operating in the manufacturing sector, with its primary activities centered on production and related industrial offerings. The company is based in France and provides goods typical of the manufacturing industry, though specific product details are not publicly documented. While operational specifics remain limited, compagniedep is recognized as part of the broader French manufacturing landscape. The company was listed as a ransomware victim associated with lockbit2, marking its inclusion in this threat-intelligence index.

Hilltop Construction is a U.S. construction firm that provides residential and commercial building services, including design-build work, for projects in Upstate New York. The company describes over 40 years of experience focused on craftsmanship, communication, and durable construction, and it also lists a Freehold, New Jersey headquarters and an Upstate New York operating presence. As a business in the Other sector, it fits a broad construction-services profile rather than a specialized vertical. It was listed as a ransomware victim associated with lockbit2.

Cepima is a research group in the Department of Chemical Engineering at the Universitat Politècnica de Catalunya in Spain. It focuses on computer modelling and optimisation of chemical processes, including the development of artificial-intelligence-based support techniques and software. In a threat-intelligence context, it belongs to the broader category of organizations outside a traditional commercial sector. Cepima was listed as a ransomware victim associated with lockbit2.

XYTECH is a U.S.-based software company focused on media operations for broadcast and production workflows. It provides a media operations platform for managing people, resources, assets, scheduling, workflow, and related business processes in the media and entertainment sector. Its offerings include media resource management and operational automation for organizations handling content and transmission. The listing identifies XYTECH as a ransomware victim associated with lv.

Cicis Pizza is a U.S.-based restaurant chain headquartered in Coppell, Texas, known for its pizza buffet, carryout, delivery, wings, salads, pasta, sides, and desserts. The brand operates locations across the United States and promotes an all-you-can-eat buffet and value-oriented menu for dine-in and to-go orders. The listing refers to CICIS.COM- HACKED AND INFORMATION MORE THEN 120,000 CUSTOMERS LEAKED as a ransomware victim. It is associated with lv.

Bradford Company is a fifth-generation, family-owned U.S. manufacturer of packaging products and material handling systems. It produces industrial chipboard partitions, custom-engineered reusable and returnable protective packaging, and serves industries such as automotive, appliance, electronics, and consumer products. The company is headquartered in Holland, Michigan, and operates additional North American locations. It was listed as a ransomware victim associated with lockbit2.

Jonathan Adler Leaks is a ransomware victim listing tied to the name Jonathan Adler and categorized in the Other sector. Available intelligence does not identify a public-facing business profile, products, or a confirmed operational location for this entry. The listing is used in ransomware tracking catalogs to record claimed victims and related threat activity. It was listed as a ransomware victim associated with ragnarlocker.

Groupe J.F. Nadeau Inc is a Québec-based company in the services sector, with listings placing it in Sainte-Mélanie and Thetford Mines, Canada. Public company descriptions say it specializes in general transport and live poultry transport, with long-standing operations serving local industries. Directory records also associate the firm with excavation, demolition, earthworks, snow removal, and crushing and screening services. It was listed as a ransomware victim associated with blackbasta.

JBS TEXTILE GROUP A/S is a Denmark-based textile company headquartered in Herning, Central Jutland. It is known as Scandinavia’s largest supplier of underwear and says it offers a broad range of clothing through multiple own brands. Company profiles also describe it as operating in apparel and textile distribution and manufacturing. The entity was listed as a ransomware victim associated with blackbasta.

Cavender's is a Texas-based retailer focused on Western wear and fashion, serving customers through stores and online sales in the United States. It has operated for more than 60 years and is known for boots, apparel, and accessories inspired by Western lifestyle and culture. Public store openings show locations across Texas and other U.S. states. It was listed as a ransomware victim associated with blackbasta.

Westwood Country Club is a private country club located in Westwood, Missouri, within central St. Louis County, offering golf, dining, and recreational facilities exclusively for members and their guests. The club, headquartered at 11801 Conway Road in Saint Louis, MO, pursues excellence in providing world-class social and exclusive recreational experiences for its members, families, and guests. It operates as a private club that respects traditional values centered on friendship, camaraderie, and appreciation of the game. Westwood Country Club was listed as a ransomware victim associated with the threat actor Lorenz.

CMC Electronics is a Canadian avionics manufacturer headquartered in Montreal, Quebec, with additional operations in Ottawa, Ontario, and Sugar Grove, Illinois. It designs and manufactures advanced commercial and military avionics, including cockpit systems integration, display solutions, and custom, open-architecture aerospace systems. The company serves civil and defense aviation customers and emphasizes engineering, manufacturing, and support across North America. It was listed as a ransomware victim associated with alphv.

G&P Projects And Systems S.A. is a Brazilian enterprise operating for nearly three decades in the information technology sector, with locations in São Paulo and Rio de Janeiro. The company specializes in delivering end-to-end solutions for developers, contractors, and project teams seeking reliable sourcing and streamlined procurement support. It operates within the communication and marketing industry, providing technology-driven services to clients across Brazil. G&P Projects And Systems S.A. was listed as a ransomware victim associated with the hive threat actor.

Caracol Televisión is a Colombian media and entertainment company and one of the country’s two private national TV networks. Based in Bogotá, it broadcasts popular programming across entertainment, series, realities, telenovelas, documentaries, and live television. The channel is widely known for its national reach and Spanish-language content distribution. It was listed as a ransomware victim associated with hive.

Intertabak AG operates in the tobacco retail and import sector in Switzerland, with locations in Basel, Zurich, Lugano, St. Gallen, Nyon, Zug, Samnaun Dorf, Mendrisio, and Geneva. It presents itself as the exclusive direct importer of Cuban cigars and Cuban cigarillos in Switzerland and Liechtenstein, and its site also promotes La Casa del Habano franchise shops. The company serves consumers through a network of specialist cigar stores and related retail services. It was listed as a ransomware victim associated with lockbit2.

inla is identified in available records as a life sciences organization based in Los Angeles County, California, a region that supports companies in this industry cluster. Life sciences firms typically operate in research, development, and related services for health and biomedical applications. Publicly indexed threat-intelligence material associates inla with the other sector category used in this listing. It was listed as a ransomware victim associated with lockbit2.

T.C. Pharma-Chem Co., Ltd. is a Thailand-based distributor of pharmaceutical and healthcare products, operating from Bangkok and presenting itself as a long-running supplier in the sector. Company information describes its business as serving healthcare and pharmaceutical distribution needs in Thailand. In threat-intelligence listings, tcpharmachem.co... is cataloged as a ransomware victim associated with LockBit2.

GPM Life Insurance Company is a San Antonio, Texas-based life insurer serving individuals and families, federal employees, and active-duty military members. Its offerings include life insurance products and Medicare Supplement coverage, with customer and agent support handled through its Texas headquarters. The company describes itself as a long-standing provider of insurance solutions and related financial protection products. It was listed as a ransomware victim associated with lockbit2.

Foxconn BC, operating at foxconnbc.com, is an electronics and original equipment manufacturer based in Tijuana, Baja California, Mexico. The company describes itself as providing advanced manufacturing services for electronic products and OEM customers, and business listings identify it as a contract manufacturer serving industries such as consumer electronics and medical devices. Public business sources place it in the Other sector because its site focuses on manufacturing services rather than a single end-market. It was listed as a ransomware victim associated with lockbit2.

KönigStahl is a Polish company based in Warszawa, Poland, with additional operations in Poznań and Solec Kujawski. It specializes in the distribution of steel tubes, hollow sections, and drawn steel, and also sells window, door, and facade systems, including Jansen steel systems. The company presents itself as a long-established steel trader serving the Polish market. It was listed as a ransomware victim associated with lockbit2.

Pauly operates in Germany as an office products retailer and distributor, serving business and other customers through its pauly.de web presence and related commercial activities. Company listings place it in the retail and software testing categories, with headquarters in Limburg an der Lahn, Hesse. In threat-intelligence indexes, it is treated as an “Other” sector entity because its public profile is not tied to a single specialized industry. It was listed as a ransomware victim associated with lockbit2.

hospitalsanjose appears to refer to a San Jose, California healthcare provider operating hospital and specialty care services through local medical facilities. Public location listings show San Jose Medical Center at 250 Hospital Pkwy in San Jose, with emergency services available 24 hours a day, alongside additional nearby outpatient and support locations. The organization serves patients in the San Jose area across general hospital and care-center offerings. It was listed as a ransomware victim associated with lockbit2.

BLAIR Inc. is a woman-owned, full-service exhibit house in Springfield, Virginia, serving clients from planning and design through fabrication, shipping, and full installation services. Its offerings also include exhibit development and management, positioning the company in the Services sector. Public business listings place its office at 7001 Loisdale Road in Springfield, VA. It was listed as a ransomware victim associated with blackbasta.

An Technology Company - Paid is an IT-sector company in Australia, operating in information technology and related services. Publicly available search results do not provide a reliable official company profile, so its location and offerings beyond that sector-level identification are not confirmed. In threat-intelligence indexing, it appears as a named entity used to track ransomware-related exposure and attribution context. It was listed as a ransomware victim associated with cheers.

An Financial Company - Paid is a financial-services organization in the Finance, Legal, and Insurance space, a sector that includes providers of lending, insurance, and related risk-management services. In the United States, premium finance companies are a regulated class of financial businesses that help customers fund insurance premiums, and financial-services firms often also support legal and insurance operations. The listing appears in a threat-intelligence context rather than as a public corporate profile. It was listed as a ransomware victim associated with cheers.

An Belgium Hospital - Unpay appears as a Belgium-based healthcare and pharma entity in a hospital context, indicating activity centered on patient care and related medical services in Belgium. Public reporting on Belgian hospitals in ransomware incidents describes operational disruption, including cancelled surgeries and staff payment issues, underscoring the sector’s exposure to cyber risk. The listing reflects a healthcare organization rather than a cyber actor, and its name suggests an unpaid account or billing-related label used in threat-intelligence indexing. It was listed as a ransomware victim associated with cheers.

An International Maritime Company - Unpay is a Services-sector maritime business associated with maritime operations and seaborne commerce in Panama. International maritime companies typically provide shipping, vessel, crew, logistics, or related support services to keep trade moving across ports and routes. The name suggests a company operating in the maritime services space rather than a manufacturer or retailer. It was listed as a ransomware victim associated with cheers.

Travira Air is an Indonesian air charter service operator headquartered in Jakarta. Public company profiles also describe it as providing maintenance services in the aviation sector and serving specialized commercial clients from its Jakarta base. The company is associated with charter operations rather than scheduled passenger airline service. It was listed as a ransomware victim associated with hive.

XEIAD appears to be a United Kingdom-based organization in the broad “Other” sector, indicating a business or entity outside standard industry classifications. Publicly available details about its specific offerings are limited, so a neutral profile should avoid assuming products or services beyond its identified sector and country. Hive is a ransomware operation known for double extortion, which has targeted organizations across multiple sectors. XEIAD was listed as a ransomware victim associated with Hive.

undefined is listed here as an entity in the Other sector, but no reliable public details in the provided sources identify its location, offerings, or corporate profile. Black Basta is a ransomware-as-a-service group known for double-extortion operations, using encryption plus data-theft threats against organizations across many industries. Public reporting shows it has targeted a broad mix of sectors worldwide, including business services, manufacturing, finance, healthcare, and infrastructure. It was listed as a ransomware victim associated with blackbasta.

floridavets.org is the official website of the Florida Department of Veterans’ Affairs, a US public-sector agency based in Largo, Florida. It serves as a central entry point for Florida veterans seeking benefits, claims help, employment support, and other state and federal services. The site also provides contact details for service officers, crisis support, and veterans’ preference guidance. It was listed as a ransomware victim associated with quantum.

kerrylog is an organization in the Other sector; public search results do not provide a verified company profile, so its exact location and offerings are not clearly documented. In a threat-intelligence context, it is best described only at that general level unless a first-party source identifies the business more specifically. LockBit 2.0 is a ransomware-as-a-service operation used to extort victims through data theft and encryption. kerrylog was listed as a ransomware victim associated with lockbit2.

Skinnertran, formally known as Skinner Transportation, Inc., is a trucking company headquartered in Austin, Texas, specializing in the transport of hot asphalt and emulsions for highway construction projects in central Texas. Founded in 1992, the firm provides high-quality, accident-free transportation services primarily for clients working with asphalt and related materials. The company operates with a workforce of 41 to 49 employees and maintains its base at 850 Ed Bluestein Blvd., Austin, TX, United States. Skinnertran was listed as a ransomware victim associated with the threat actor Lockbit2, with no official confirmation of stolen data types or breach specifics disclosed by the company itself.

ils.theinnovate... appears to be a U.S.-based organization associated with the broader Innovate branding, but public search results do not clearly identify a specific sector, location, or services for this exact entity. Because the name is incomplete, its operational profile cannot be verified from available sources without risking misidentification. In threat-intelligence catalogs, such records are often used to index entities tied to intrusion claims or extortion campaigns for analyst review. It was listed as a ransomware victim associated with lockbit2.

Lamborghini, Ferrari, Fiat Group, VAG and Brembo are names tied to major automotive manufacturers and suppliers in Italy and Europe, spanning luxury cars, mass-market vehicles, components and braking systems. Ferrari and Lamborghini are Italian performance-car brands, Fiat Group is an Italian automotive group, VAG refers to Volkswagen Group, and Brembo is a specialist manufacturer of braking systems used across the automotive industry. The listing also references data from other automobile concerns, indicating a broader automotive-targeted context rather than a single company profile. It was listed as a ransomware victim associated with Everest.

MEbulbs, formerly Maintenance Engineering Ltd, is a premium industrial lighting company headquartered in Fargo, North Dakota, United States. The firm designs, develops, and markets its own lighting products, including light bulbs, LED bulbs, fixtures, and retrofits for offices, stores, schools, and factories. It serves commercial, industrial, and retail sectors with comprehensive lighting solutions for diverse applications. MEbulbs was listed as a ransomware victim associated with the threat actor lorenz.

edm-stone.com is associated with EDM USA, a construction-sector business that offers natural stone and marble procurement, fabrication, and installation services for interior projects. Public business listings describe the company as focused on stone and marble work, including design-oriented supply and installation for clients in the United States. The domain and related profiles point to a U.S.-based operation serving commercial and residential stone projects. It was listed as a ransomware victim associated with lockbit2.

SOUCY is a Canadian industrial group based in Drummondville, Québec, that designs and manufactures track systems and high-performance components and accessories for off-road vehicles. Its broader operations also include parts and castings for sectors such as power sports, agriculture, defense, and industrial applications. Public company listings describe Soucy as an integrated manufacturing and distribution group with multiple Québec locations. It was listed as a ransomware victim associated with hive.

Guardian Fueling Technologies is a privately held US company based in Jacksonville, Florida, serving fuel system owners and operators across the Southeast. It provides petroleum equipment distribution, fueling system construction, installation, maintenance, and related service support. Public company materials describe it as a provider of world-class fueling solutions and technology with multiple branch locations across several states. It was listed as a ransomware victim associated with Hive.

ChemStation International, Inc. is a US-based company headquartered in Dayton, Ohio that produces industrial cleaning and process chemicals. The company's products serve diverse industries including concrete form release, flexographic printing, floor cleaning, food and beverage, forest products, odor control, parts cleaning, and transportation. ChemStation offers custom-formulated, environmentally friendly cleaning solutions delivered via a unique refillable container system. The company was listed as a ransomware victim associated with the hive threat actor.

GUARDFUEL is a US-based Energy sector company that designs, constructs, services, and distributes equipment for petroleum storage, pumping, and dispensing systems, as well as EV chargers and associated products. The company provides factory-authorized service, sales, and installation of major equipment lines for retail and commercial-industrial fuel system applications across Florida, North Carolina, and Georgia. GUARDFUEL was listed as a ransomware victim associated with the threat actor hive.

NUAIRE LIMITED is a British company registered in Leeds, England, specializing in the manufacture of non-domestic cooling and ventilation equipment. Founded in 1966 and headquartered in Bridgend, Wales, the firm produces fans for both commercial and residential applications. For over 50 years, Nuaire has provided clean air solutions through ventilation systems for residential, commercial, and industrial buildings. The company was listed as a ransomware victim associated with the threat actor hive.

IGHQ is a U.S.-based real estate company headquartered in San Diego, California, with a Boston presence and a portfolio focused on life-science and innovation districts. Its website says it develops properties in major U.S. research hubs and in the United Kingdom, serving tenants in science and technology-driven markets. Public business directories also classify IGHQ as a real estate firm. It was listed as a ransomware victim associated with hive.

Huge iCloud Nudes Leak refers to a collection of nude photographs of celebrities that were exposed after hackers gained unauthorized access to their iCloud accounts through targeted phishing attacks. The incident occurred in the IT sector, primarily affecting users in the United States, with offerings centered on the public dissemination of stolen intimate images from cloud storage. Apple confirmed that certain celebrity accounts were compromised via a highly targeted assault on usernames, passwords, and security questions, though no breach of Apple’s own systems was found. This listing was categorized as a ransomware victim associated with the darkleakmarket group, which operates as a dark web data resale marketplace active since at least 2019.

Yachiyo Of America is a Tier 1 automotive supplier specializing in plastic fuel tanks and sunroofs, operating its North American headquarters and R&D center in Columbus, Ohio. The company, founded in 1997 as a consolidated subsidiary of Motherson Yachiyo Automotive Systems, is committed to innovation and quality in manufacturing automotive components. It serves the global automotive industry with products including fuel tanks, sunroofs, and rollshades, maintaining production facilities in Marion, Ohio. Yachiyo Of America was listed as a ransomware victim associated with the threat actor hive.

AGCO Corporation is a U.S.-based agricultural equipment company headquartered in Duluth, Georgia, that designs, manufactures, and distributes machinery and precision-agriculture solutions for farmers worldwide. Its portfolio includes tractors, harvesting equipment, and related brands that support modern farming operations. The company operates globally and serves the agricultural sector as an equipment and technology supplier. It was listed as a ransomware victim associated with blackbasta.

LCRD is NASA’s Laser Communications Relay Demonstration, a space communications mission managed by Goddard Space Flight Center in the United States. It tests optical relay links that move data between spacecraft and Earth using laser communications, with ground stations in California and Hawaii. The program supports NASA and external partners by evaluating high-speed, bidirectional laser communications for future missions. It was listed as a ransomware victim associated with Conti.

The Contact Company is a small-sized contact center solutions provider located in Birkenhead, Merseyside, United Kingdom, specializing in outsourced customer support services. As a European BPO, the firm offers exceptional services in the customer service industry, managing inbound and outbound helplines for retail, eCommerce, and financial clients. The company helps businesses maintain customer satisfaction by staffing helplines on demand, ensuring fast and personalized service across multiple channels. It was listed as a ransomware victim associated with the threat actor conti.

PointsBet is an Australian-founded online sports wagering operator and iGaming provider that offers sports and racing betting products and services. It is headquartered in Melbourne, Victoria, Australia, and operates as an ASX-listed company in the horse and sports betting sector. The brand serves customers through its digital betting platform and related wagering services. It was listed as a ransomware victim associated with LockBit2.

TRANSCONTRACT is a ship-management company founded in 1994, focused on employing seamen and other crew members on foreign vessels. It operates in the maritime services sector and is associated with London, United Kingdom, through its UK-registered ship-management business. Public company records also show a dissolved UK entity using the TRANSCONTRACT name, underscoring that the name has been used in shipping-related operations. The entity was listed as a ransomware victim associated with kelvinsecurity.

Mansfield Energy is a family-owned energy company headquartered in Gainesville, Georgia, serving customers across North America. Founded in 1957, it provides fuel supply, logistics, and energy procurement solutions, including diesel, natural gas, and related energy management services. The company says it operates in every U.S. state and all 10 Canadian provinces. It was listed as a ransomware victim associated with kelvinsecurity.

Central Restaurant Products is a leading wholesale distributor of commercial kitchen equipment and supplies, headquartered in Indianapolis, Indiana, serving the foodservice industry in the United States and internationally. The company offers over 10,000 items including refrigeration solutions, cooking equipment, restaurant furniture, food preparation tools, and dishwashing sanitation systems. Founded in 1981, it supplies a wide range of commercial kitchen equipment and smallwares to more than 250,000 customers across the Hospitality, Food & Beverage, and Tourism sectors. Central Restaurant Products was listed as a ransomware victim associated with the threat actor conti.

Schaumburg Park District is a parks and recreation agency serving Schaumburg, Illinois, in the Chicago metropolitan area. It provides community leisure opportunities through programs, facilities, parks, and open spaces, and it maintains more than 60 parks across the area. The district operates as a local public-sector service organization focused on recreation, events, and outdoor amenities. It was listed as a ransomware victim associated with conti.

VitalPrev is a Brazilian company based in São Paulo, with a contact address in Vila Mariana, that presents itself as a provider in occupational medicine and preventive health. Its website says it has operated in workplace health and safety for more than 19 years, offering occupational medicine management, preventive health services, and SST training. Public business directories also classify the company in human health services. The entity was listed as a ransomware victim associated with lockbit2.

VIT is an Australian education provider based in Melbourne, with additional campuses in Geelong and Adelaide. It offers higher-education and vocational pathways, including bachelor’s, master’s, MBA, vocational, and ELICOS programs, and provides in-person and remote support for prospective students. Public contact details and campus addresses are listed on its website. VIT was listed as a ransomware victim associated with lockbit2.

PetLink operates in the **pet identification and reunification** sector, offering microchip registration, lost-pet recovery tools, and GPS tracking products for dogs and cats. Its website also supports veterinarians, shelters, and other animal professionals in registering and managing pet records. Based in the United States, PetLink presents itself as a long-running service focused on helping owners and pets reconnect. The domain was listed as a ransomware victim associated with **lockbit2**.

Kuwait Flour Mills and Bakeries Company is a leading food industry pioneer in the State of Kuwait, operating across nine facilities throughout the country. The company specializes in food industries, including flour milling and bakery production, with bakeries located in Al Shaab, Kifan, Khaitan, Jahraa, Yarmouk, Shuwaikh, Rumaytheya, and Ahmadi. It serves as a cornerstone of Kuwait's food security infrastructure, supporting national milling and grain storage operations at its Al Shuwaikh port site. The company was listed as a ransomware victim associated with the LockBit2 threat actor.

Erdwärme Grünwald GmbH is a German geothermal-energy company based in Grünwald, Bavaria, with offices at Rathausstraße 3, 82031 Grünwald. It develops and operates deep geothermal projects that use underground heat to supply energy, including heating and power generation. Public project information identifies its Grünwald geothermal plant as an established local energy asset. The company was listed as a ransomware victim associated with lockbit2.

architectenbure... is an architecture business in the Netherlands, part of the broader architecture sector that plans and designs buildings and related spaces. Architecture firms typically develop concepts, drawings, and project documentation for clients across commercial, residential, and public projects. The available listing identifies architectenbure... in an “Other” sector classification. It was listed as a ransomware victim associated with lockbit2.

Allports Group is a UK-based services company focused on logistics and commercial vehicle support. Its website lists sea freight, air freight, customs clearance, road transport, warehousing, and courier services, while company profiles also describe van, truck, and trailer products and services for operators across the United Kingdom. Established in 1959, it serves commercial vehicle customers with purchase, leasing, rental, and aftersales support. It was listed as a ransomware victim associated with blackbasta.

RateGain Travel Technologies Limited is an India-based software-as-a-service company focused on the travel and hospitality industry, with its primary office in Noida, Uttar Pradesh. It offers AI-powered products for rate intelligence, revenue optimization, channel distribution, and guest engagement across hotels and other travel providers. The company is also described as serving more than 13,000 customers globally. It was listed as a ransomware victim associated with hive.

RateGain Travel Technologies Limited is an India-based software-as-a-service company focused on travel and hospitality technology. It provides AI-powered tools for rate intelligence, revenue optimization, channel distribution, and guest experience management for travel businesses. The company is headquartered in Noida, Uttar Pradesh, and serves customers across the travel ecosystem, including hotels, airlines, and online travel agents. It was listed as a ransomware victim associated with Conti.

Intertabak AG is a Swiss tobacco company based in Pratteln, Basel-Landschaft, with operations focused on Habanos cigars and mini cubanos in Switzerland. The company also operates specialist retail channels, including La Casa del Habano locations in Swiss cities such as Basel, Zürich, Lugano, St. Gallen, Zug, Samnaun, Nyon, Mendrisio and Geneva. Public company profiles describe Intertabak AG as a tobacco manufacturing and retail business with a small corporate workforce. It was listed as a ransomware victim associated with lockbit2.

Virtus Advocate... is a United States-based business in the finance, legal and insurance space, offering insurance, risk management, and related advisory services. Public business materials describe Virtus as an insurance brokerage and consulting firm serving clients with professional guidance across legal and compliance-sensitive matters. It operates in a regulated services environment where confidentiality, liability, and client trust are central. It was listed as a ransomware victim associated with lockbit2.

Carinthia is Austria’s southernmost federal state, known for its mix of industry, technology, forestry, agriculture, and tourism. It promotes investment and business activity through regional support services and a broad economic network. The region also markets itself as a destination for alpine scenery, lakes, and year-round visitor offerings. It was listed as a ransomware victim associated with alphv.

VMT GmbH is a German services company based in Bruchsal, Baden-Wuerttemberg, that provides smart systems for navigation, monitoring, quality control, and data management in tunnelling and industrial measurement. Its offerings include surveying services, guidance and control systems, and industrial 3D measurement solutions for tunnel construction and related applications. The company has described itself as a long-standing supplier to the tunnelling industry and operates from Stegwiesenstraße 24 in Germany. It was listed as a ransomware victim associated with Ragnar Locker.

Active Communications International (ACI) is a conference planning and production company in the communication and marketing sector, based in Chicago, Illinois, with offices reported in London, Pune and other locations. ACI has operated since 1999 and is described as producing and running business conferences across industries such as healthcare, energy, maritime, and LNG. Its services focus on event organization, forum facilitation, and industry networking. It was listed as a ransomware victim associated with quantum.

Transsion.com is a Chinese multinational telecommunications manufacturing company headquartered in Shenzhen, CN, specializing in mobile phone production and mobile Internet services. The firm offers high-quality multi-brand smart devices, including smartphones and feature phones under the TECNO, itel, and Infinix brands, while also providing after-sales services via Carlcare. Founded in 2006, Transsion Holdings has become a leading player in mobile industries across global emerging markets, notably Africa, where it surpassed Samsung in smartphone sales by 2017. Transsion.com was neutrally listed as a ransomware victim associated with the Quantum threat actor.

Eurocept operates within the Other sector, with its primary location and offerings not publicly detailed in available sources. The entity's specific services and operational scope remain generally described due to limited public information. Despite this, Eurocept was neutrally listed as a ransomware victim associated with the Quantum threat actor. This listing highlights the entity's exposure to cyber threats without confirming specific breach details or stolen data types. The association with Quantum underscores the broader risk landscape facing organizations in the Other sector.

Imenco AS is a Norway-based industrial group headquartered in Aksdal, Rogaland, and it operates across offshore oil and gas, offshore renewables, aquaculture, marine and naval, and industrial markets. The company was established in 1979 and describes itself as providing industrial products, engineering services, and related technologies for global industries. Its business profile centers on engineering and manufacturing support for complex offshore and marine operations. Imenco AS was listed as a ransomware victim associated with conti.

Concepts in Millwork is a privately held millwork company based in Colorado Springs, Colorado. It specializes in custom architectural millwork and fixtures for commercial and institutional projects, including retail, medical, education, sports, hotels, and airports. Public company profiles and its website describe it as a family-owned business serving tailored design and fabrication needs. It was listed as a ransomware victim associated with Conti.

Eurofred is a Spain-based company headquartered in Barcelona that distributes air conditioning, industrial heating, commercial refrigeration, catering equipment, spare parts, and related services. Founded in 1966, it serves residential, commercial, and industrial markets across Spain and other European operations. Public company information also describes Eurofred as a leader in air conditioning and climate-control distribution. It was listed as a ransomware victim associated with conti.

Agile Sourcing Partners is a California-based supply chain services company serving the utilities sector nationwide. Its offerings include procurement, workforce, project management, and outsourced supply chain support for gas and electric utilities, supply partners, and utility contractors. The company has operated since 2006 and lists multiple U.S. locations, including Anaheim and Corona, California. It was listed as a ransomware victim associated with conti.

Alimentos y Frutos S.A., also known as Alifrut, is a Chilean company based in Santiago, with its main office in Quilicura. It operates in the production of frozen fruits, juices, and vegetables, serving the agroindustrial food sector. Company and trade listings also place it at Camino Lo Echevers 250 and identify it as part of Empresas Minuto Verde. It was listed as a ransomware victim associated with conti.

Worksoft is an enterprise test automation company founded in 1998, headquartered in Addison, Texas, United States. It provides a codeless platform that enables teams to automate testing, data provisioning, and corrections without technical expertise. The company’s primary offering, Worksoft Certify, is an automated software testing solution designed for scalability and efficiency in enterprise environments. Worksoft helps businesses optimize processes by ensuring they drive success rather than merely run. The company was listed as a ransomware victim associated with the Conti threat actor.

Omicron Consulting S.r.L is a Romanian business and management consulting company based in Bucharest, operating in the Services sector and offering professional consulting activities. Business directories classify it under business and other management consultancy services, reflecting an advisory role rather than a product manufacturing profile. In threat-intelligence catalogs, it appears as a ransomware victim entry connected to the conti actor. The listing is neutral and does not by itself confirm the scope or impact of any incident.

Pianca is an Italian furniture manufacturer based in Gaiarine, Treviso, with a headquarters at Via dei Cappellari 20 in Veneto. Founded in 1954, it produces home furnishings and related interior solutions and sells through retail networks in Italy and abroad. Company materials describe it as a Made in Italy brand with production facilities in Italy and export markets. It was listed as a ransomware victim associated with conti.

Allcat Claims Service is a U.S. services company based in Boerne and San Antonio, Texas, that provides insurance claims handling and adjusting support. Its offerings include initial claims calls, estimating, closing, check issuance, electronic reporting, tracking, and other end-to-end claims services for insurance carriers and policyholders. Company materials also describe it as a total-solution provider for insurance claims and related field and desk services. It was listed as a ransomware victim associated with Conti.

Berschneider GmbH is a German meat-specialties producer based in Valluhn, Mecklenburg-Vorpommern, Germany. Founded in 1966 in Hamburg, the company relocated to Valluhn in 1994 and describes its business as Fleischspezialitäten Produktion. Public company profiles also describe it as an animal-processing firm offering smoked and canned meats, sausages, and poultry. It was listed as a ransomware victim associated with lockbit2.

etrp is an entity in the Other sector, but the available public record does not provide a verified business description, location, or product list. In threat-intelligence catalogs, it is therefore identified conservatively by its name and sector rather than by unconfirmed operational details. The listing connects etrp to the LockBit2 ransomware ecosystem as a victim entry. It was listed as a ransomware victim associated with lockbit2.

Reitzner is a U.S.-based business in the “Other” sector; available public records do not clearly identify a single company profile or offering for this name. As a result, its location and services cannot be stated confidently from the supplied sources, and any fuller description would require direct first-party or corporate records. In threat-intelligence catalogs, Reitzner is referenced as an organization of interest rather than as a published incident narrative. It was listed as a ransomware victim associated with LockBit2.

HEMERIA is a French industrial company based in Toulouse, France, and it operates in the defense and space sectors, supplying technology-intensive equipment and systems. Its work includes integrated sub-assemblies, satellite platforms, composite panels, electrical harnesses, thermal protections, and related space hardware. Public materials also describe HEMERIA as a provider of secure equipment for demanding aerospace and defense applications. It was listed as a ransomware victim associated with snatch.

Elkuch Group is a Liechtenstein-based holding company specializing in environmental services and high-quality steel products for construction. The group delivers waste management solutions for airports, hospitals, hotels, and food production facilities, alongside demanding steel doors and frames for public spaces. With manufacturing sites in Liechtenstein, Switzerland, and Germany, Elkuch employs approximately 400 people focused on metall processing and construction. Elkuch Group was listed as a ransomware victim associated with the threat actor blackbasta.

seatarrabida.pt is a Portuguese website associated with the Arrábida area, a region in Setúbal known for its natural park, coastline, tourism, and outdoor activities. The name suggests a local, place-linked service or business presence in Portugal rather than a large industrial or public-sector organization. In a threat-intelligence index, it is cataloged under the Other sector for Portugal. It was listed as a ransomware victim associated with lockbit2.

FOCUS Adventure is a Singapore-based corporate team-building and adventure-learning company that offers experiential programs designed to build collaboration, leadership, and team spirit. Its headquarters are in Singapore, and its services are positioned for organizations seeking outdoor and adventure-based learning experiences. Public company profiles describe it as a premier provider in the region with facilities in Singapore and other locations. It was listed as a ransomware victim associated with lockbit2.

Grupo Pavisa is a privately held glass product manufacturer based in Naucalpan, Mexico, with a history dating to 1952. It produces artisanal glass containers and other glass and crystal products for industrial and commercial customers. Company profiles describe it as part of the glass product manufacturing sector and note its headquarters in Mexico. The company was listed as a ransomware victim associated with blackbyte.

Contraloría General de la República Bolivariana de Venezuela is the country’s public audit and fiscal-control authority, based in Caracas on Avenida Andrés Bello. It provides citizen and declarant support, contact channels, and administrative services related to state oversight and accountability. In official Colombian and Venezuelan government references, similar contralorías are described as the highest fiscal-control bodies charged with supervising public resources and enforcing control procedures. The entity was listed as a ransomware victim associated with blackbyte.

bsm.upf.ed refers to UPF Barcelona School of Management, the management school of Pompeu Fabra University in Barcelona, Spain. It offers internationally accredited master’s degrees and postgraduate courses in business and management, with a focus on academic rigor, research, and knowledge transfer. The school is part of a public university recognized for excellence in teaching and research, and it presents itself as a global business school serving professional and industry-oriented education needs. It was listed as a ransomware victim associated with lockbit2.

Salumificio Benese S.r.l. is an Italian food producer based in Bene Vagienna, Piedmont, where it makes cured meats and related specialty meats. The company says it has operated since 1973 and focuses on selecting quality raw materials for its products. In threat-intelligence listings, the entity name appears as salumificiovene... with sector tagged as Other. It was listed as a ransomware victim associated with lockbit2.

de is an entity in the Other sector and, based on its name alone, no reliable public information in the search results identifies its location, offerings, or corporate profile. In threat-intelligence catalogs, such sparse entries are often used when the available record names a target but does not provide enough context to describe it more specifically. LockBit 2.0 was a ransomware-as-a-service operation that used double-extortion tactics and was widely active in ransomware leak-site reporting. de was listed as a ransomware victim associated with lockbit2.

SPORTPLAZA is a Netherlands-based business entity; public company records identify Sportplaza Moerdijk B.V. as a holding company founded in 2005. The name also appears in commercial directories for a sports and fitness business, but the available records do not clearly establish a more detailed operating profile. In threat-intelligence indexes, SPORTPLAZA is listed as a ransomware victim associated with Hive.

firbarcarolo.it is an Italy-based site associated with the hospitality, food and beverage, and tourism sector, reflecting a business focused on guest services and visitor-oriented offerings. Its name suggests a branded local presence in the Italian market, where such businesses typically serve travelers, diners, and leisure customers. In threat-intelligence catalogs, it is listed as a ransomware victim associated with lockbit2.

The Catholic Foundation is a separate 501(c)(3) organization established to serve the Catholic community in northeastern Wisconsin, specifically Green Bay, WI. It functions as a philanthropic entity that connects donors with nonprofits, manages funds, and facilitates long-term, sustainable support for parishes. The organization offers centralized fundraising resources and focuses on planned giving and endowment building to strengthen the church. It was neutrally listed as a ransomware victim associated with the threat actor vicesociety.

Morrison Express is a global freight forwarding and logistics company founded in 1972 and headquartered in Taipei, Taiwan, with U.S. operations in El Segundo, California, and a European hub in Luxembourg. It provides supply-chain and transport services for hi-tech, automotive, consumer, healthcare, chemical, industrial, and energy clients, with particular strength in semiconductor and high-tech logistics. Public company materials describe it as a leading logistics provider with a worldwide network. It was listed as a ransomware victim associated with lockbit2.

Bata is a multinational footwear company headquartered in Lausanne, Switzerland, known for manufacturing and retailing shoes, apparel, and related fashion accessories. Its business spans company-owned stores, franchised outlets, and e-commerce operations across international markets. Public company profiles describe Bata as one of the world’s leading footwear brands with a global retail footprint. It was listed as a ransomware victim associated with lockbit2.

EIITNET appears to be a U.S. organization classified in the Other sector, but the available source set does not identify its public offerings or operational profile. In this index context, the name is used to label an affected entity rather than to describe a confirmed compromise. Hive is a ransomware-as-a-service operation known for double-extortion tactics and widespread victimization. EIITNET was listed as a ransomware victim associated with hive.

CARTEGRAPH is a US-based software company in the Other sector, headquartered in Dubuque, Iowa. It builds software for local governments and similar organizations to manage physical assets, work orders, infrastructure, and facility planning. Its products are used to support stewardship of buildings and critical infrastructure, helping teams map, track, and maintain assets more efficiently. CARTEGRAPH was listed as a ransomware victim associated with hive.

Skinner Transportation Inc. is a transportation and logistics company based in Austin, Texas. It hauls hot asphalt, liquid asphalt, emulsions, and related materials for customers in Texas and nearby states. Public company listings also show terminal and job postings tied to Austin and Clifton, Texas. It operates in the broader transportation sector and supports freight movement for construction and road-surfacing materials. It was listed as a ransomware victim associated with lockbit2.

gymund.dk is a Danish education-sector domain used by gymnasium networks and services, including student login, printing, and Office 365 access for school users in Denmark. Public school guidance pages show the domain tied to institutional IT services and account formats ending in @gymund.dk. In a threat-intelligence context, it is cataloged as an entity in the "Other" sector rather than a commercial brand. It was listed as a ransomware victim associated with lockbit2.

MagTek is a Seal Beach, California-based manufacturer of electronic systems for secure card issuance, reading, transmission, and authentication. Its products include payment hardware, EMV card readers, PIN pads, check scanners, and related transaction-security services. The company serves organizations that need secure payment and identity workflows across financial and retail environments. It was listed as a ransomware victim associated with Lorenz.

Tri-Ko is a United States company in the Other sector, and public business information for the name is limited in the available sources. Its exact offerings are not clearly identified in the search results, so this entry describes it conservatively as a US-based business outside a more specific industry classification. The threat-intelligence listing associates Tri-Ko with Hive, a ransomware group active since 2021. Tri-Ko was listed as a ransomware victim associated with hive.

groupe-trouille... appears in the Services sector in France, a broad category that covers organizations delivering business, professional, or operational support. Public web results do not provide enough verified detail to identify its exact offerings or city, so a conservative description is appropriate. In threat-intelligence catalogs, it is indexed as a victim entry rather than as a confirmed breach case. It was listed as a ransomware victim associated with lockbit2.

gdctax.com.au is the website for GDC Chartered Accountants, an accounting firm in New South Wales, Australia, serving clients with tax and financial support. Public business profiles describe services including tax compliance, tax planning, auditing, business services, accounting software, and SMSF advice. The firm presents itself as focused on personal service for a range of clients across industries. It was listed as a ransomware victim associated with lockbit2.

fed-gmbh.de refers to Fördersysteme Engineering GmbH (FED), a mid-sized company based in Darmstadt, Germany. The company operates in machinery engineering and automation, with a workforce of about 15 employees and a focus on conveying systems engineering. Its website presents it as a specialist provider of industrial engineering solutions. It was listed as a ransomware victim associated with lockbit2.

Contractors Pipe and Supply Corporation is a family-owned wholesale plumbing and heating distributor based in Farmington Hills, Michigan. It serves professional trades across southeastern Michigan with plumbing products and services such as pipes, fixtures, water heaters, and related supplies. The company has operated since 1964 and supports contractors, mechanical trades, and other construction-related customers. It was listed as a ransomware victim associated with blackbasta.

http://wsretail... is listed in threat-intelligence records as a company in the Other sector, with publicly available details about its exact operations not clearly disclosed. Based on its name alone, it appears to be a retail-related business, but no authoritative public source in the provided results confirms its location, products, or services. LockBit 2.0 is a ransomware strain and associated victim listings are used to track entities named by the group. In this index, http://wsretail... was listed as a ransomware victim associated with lockbit2.

Atlanta Perinatal Associates is a Georgia medical group in Atlanta that provides maternal-fetal medicine and physician assistant care, with locations serving patients across the metro area. The practice is based in Atlanta and appears to focus on prenatal and high-risk pregnancy services. It operates as a healthcare provider under the other sector classification. Atlanta Perinatal Associates was listed as a ransomware victim associated with vicesociety.

Carmel College is a PreK through Grade 12 educational institution located in rural Caroline County, Virginia, offering exceptional education and opportunities for all students. The campus rests on 145 acres in a rural setting approximately halfway between Richmond and Fredericksburg. Carmel College was listed as a ransomware victim associated with the threat actor vicesociety.

Higher School of the Public is an educational institution operating within the Education sector, providing public schooling and academic offerings to students in its community. Based on its name and sector, it likely delivers K-12 education or similar public school programs, serving students and families in its local area. The institution aligns with public education providers that focus on equipping students with essential skills for academic and personal development. Higher School of the Public was listed as a ransomware victim associated with the threat actor vicesociety.

Important announcement is an entity in the Other sector, with publicly available details indicating it operates in lv. Available source material does not provide enough verified information to describe its offerings more specifically, so the listing should be treated as a generic organizational profile. In threat-intelligence coverage, it appears as an indexed victim entry rather than a confirmed incident narrative. It was listed as a ransomware victim associated with lv.

Clublinks is an Australian company based in Victoria that provides leisure, sports and fitness, residential, aquatic, and facilities management services. Public profiles describe it as a privately owned operator serving golf, leisure, and community settings across Australia. Its business spans service delivery for venues and residential environments rather than a single consumer product. The company was listed as a ransomware victim associated with LockBit2.

Mercyhurst University is a private Catholic liberal arts university in Erie, Pennsylvania, serving more than 2,000 traditional undergraduates on a residential campus. It offers 50+ undergraduate majors, 10+ graduate programs, and other academic services, including study abroad, career development, and student life programs. The university also supports campus engagement through athletics, leadership, and experiential learning. Mercyhurst.edu was listed as a ransomware victim associated with lockbit2.

Clublin operates within the Other sector, providing general offerings from its base in the United Kingdom. The entity functions as a service provider with broad operational scope, though specific industry details are not publicly defined. Clublin maintains a neutral presence in its market, delivering standard services to its clientele. The organization was listed as a ransomware victim associated with LockBit2, reflecting its involvement in a recent cyberattack incident.

Xplay Data Leak is an other-sector entity in the United States that appears in ransomware-victim indexes under the name “Xplay Data Leak.” Public indexing does not identify its offerings, but the record is treated as a threat-intelligence listing rather than a confirmed breach report. Ransomware.live recorded the item as discovered on 2022-05-18. It was listed as a ransomware victim associated with darkleakmarket.

SUNTECKtTS is a full-service transportation logistics provider headquartered in Jacksonville, Florida, operating through a network of sales and independent business owner agents across the United States. The company delivers multimodal transportation solutions serving diverse markets including food, oil, automotive, electronics, textiles, lumber, and paper-printing products. As a MODE Global company, SUNTECKtTS offers instant rate quotes and 24-hour customer service access through 50 strategically located centers. The organization was listed as a ransomware victim associated with the LockBit2 threat actor, reflecting emerging cyber risks in the transportation logistics sector.

MODE Transportation is a North American transportation and logistics company that provides freight management and shipping services across truckload, less-than-truckload, intermodal, parcel, air, ocean, and supply-chain operations. Its public company profile says it serves domestic and international freight customers through a broad carrier network and end-to-end transportation solutions. Based on the available indexing, the entity appears under the Transportation, Travel and Logistics sector and is associated with the LockBit2 ransomware ecosystem. It was listed as a ransomware victim associated with lockbit2.

Tex-Isle Supply is a Houston, Texas-based manufacturing and engineering company serving the energy and industrial supply chain in the United States. Public company profiles describe it as a distributor of energy tubulars with value-added manufacturing and processing capabilities, and Tex-Isle also offers pipe coating, heat treatment, inspection, threading, and related technical support. Its website says the company serves applications including structural steel tubing for roads, bridges, and pressurized water and gas systems. Tex-Isle Supply was listed as a ransomware victim associated with quantum.

Vivalia is a Belgian healthcare organization based in Luxembourg Province, operating a regional network that includes six hospital sites, nursing homes, a polyclinic, and a psychiatric care home. Company profiles also describe it as a provider of other clinical services, with headquarters in Bastogne, Belgium. In threat-intelligence indexing, vivalia.be was listed as a ransomware victim associated with lockbit2.

FOR BlackCat and LockBit advert is a threat-intelligence index entry for a victim in the Other sector; the name suggests a public-facing advert or notice tied to BlackCat and LockBit activity. As a ransomware-victim listing, it identifies an organization associated with the Conti ecosystem rather than describing a product, service, or geographic operation. LockBit is a ransomware-as-a-service operation used by affiliates to encrypt victim systems and extort payment, and Conti is a prominent ransomware group active since 2020. The entry was listed as a ransomware victim associated with conti.

2easy.com.br is a Brazilian business services company based in São Paulo, Brazil, focused on human resources, payroll BPO, SaaS, and related support services. Its public materials describe offerings for workforce administration, payroll processing, and connected HR tools for client organizations. The company operates from São Paulo and serves business customers across multiple segments. It was listed as a ransomware victim associated with lockbit2.

khs-wp.de is KHS Kempis Kleinlosen, a professional insurance services firm based in Cologne, Germany, that covers professional activities across Germany, EU member states, Turkey, and former Soviet Union territories. The company operates from Wilhelm-von-Capitaine-Straße 20 in D-50858 Cologne, providing insurance coverage for professional activities in multiple jurisdictions. It maintains a positive team culture with flat hierarchies and equal opportunities, reflecting a unique Cologne charm in its workplace environment. The firm was listed as a ransomware victim associated with LockBit2, with the data breach discovered on May 18, 2022.

upskwt is an organization in the broad Other sector, which typically covers businesses outside standard industry categories such as manufacturing, finance, or healthcare. Publicly available information does not clearly identify its products, services, or location beyond its appearance in ransomware-victim tracking. In threat-intelligence catalogs, such entries are used to document entities named on leak sites or incident lists without asserting the full scope of an event. It was listed as a ransomware victim associated with cuba.

Hirsch Watch Straps & Accessories is a premium watch strap and accessory manufacturer based in Klagenfurt, Austria, specializing in artisanal leather craftsmanship and technical innovation for the global watch industry. Founded in 1765, the company develops and produces high-quality watch straps with unmatched detail, offering a wide range of exclusive bracelets and accessories for men and women. As a multinational brand with over 800 employees worldwide, it serves the IT sector through its luxury watchband production and distribution operations. The entity was listed as a ransomware victim associated with the threat actor quantum.

InnPower Corporation is an electricity distribution utility based in Innisfil, Ontario, Canada, serving the Town of Innisfil and South Barrie. It provides safe, reliable, and competitively priced power to homes, businesses, and industries across its service territory. The company maintains and improves local electrical infrastructure and customer service for a growing community. It was listed as a ransomware victim associated with quantum.

Jaykal LED Solutions is a U.S.-based company founded in 2008 and headquartered in Georgetown, Delaware. It develops commercial, industrial, and institutional LED lighting products, including indoor, outdoor, hazard, and emergency lighting solutions. Public company materials also describe it as offering energy-efficient lighting for new construction and retrofit projects. In threat-intelligence listings, Jaykal was named as a ransomware victim associated with LockBit2.

Brunk Industries Inc. is a Lake Geneva, Wisconsin-based services-sector manufacturer that provides precision metal stamping, contract assembly, and contract manufacturing for micro-precision components and class-critical devices. Founded in 1960, it operates as a full-service source for complex metal-forming work and serves industries including medical, defense, and other precision applications. Public company materials describe it as a leader in the metal-forming industry with a focus on high-tolerance production and scalable manufacturing solutions. It was listed as a ransomware victim associated with lorenz.

AmCham Shanghai, the American Chamber of Commerce in Shanghai, is a nonprofit business organization founded in 1915 and known as the “Voice of American Business” in China. It operates from Shanghai and serves member companies with business advocacy, networking, events, and membership services. The organization describes itself as a dynamic business service group focused on member success and growth. It was listed as a ransomware victim associated with lorenz.

pwadc.net is the website of Piggly Wiggly Alabama Distributing Company, a Bessemer, Alabama-based cooperative serving independent grocery retailers across the US. The company provides grocery distribution and retail support services, including bakery, deli, meat and produce supply, advertising, warehouse and transportation support, retail accounting, pricing management, food shows, and store engineering. Public company profiles describe it as part of the retail and grocery distribution sector. It was listed as a ransomware victim associated with blackbasta.

Sherpa Marketing is a communication and marketing agency founded by Carlos Cordoba, offering communications and consulting services for public agencies and private organizations. Its website says the firm provides integrated marketing support, including outreach and campaign services, and has served clients such as the California Department of Insurance. The company’s presence reflects a services-focused business in the communication and marketing sector. It was listed as a ransomware victim associated with lockbit2.

Cassagne Abogados is a law firm based in Buenos Aires, Argentina, at Talcahuano 833, and its website identifies it as a specialist practice in administrative, economic, and regulatory law. The firm says it provides integrated legal solutions and publishes updates and publications for clients and the public. In threat-intelligence records, cassagne.com.ar was listed as a ransomware victim associated with lockbit2.

Fronteousa is the U.S.-based legal services arm associated with FRONTEO, a company that provides AI and data-analysis solutions for legal and investigative work. Its legal site operates as a business-facing platform for those offerings and related services. In May 2022, public reporting linked the site to a Cuba ransomware intrusion claim involving the firm. It was listed as a ransomware victim associated with cuba.

Teka Mexico is a leading manufacturer of home appliances based in Mexico, specializing in cooktops, ovens, sinks, and faucets for residential kitchens. The company offers a comprehensive catalog of modern, easy-to-clean appliances including induction, gas, and hybrid cooktops designed for contemporary homes. Teka provides official customer support and technical service across Mexico, with product manuals included upon purchase. The company was listed as a ransomware victim associated with the Lockbit2 threat actor.

talaadthaii.com appears to be the web presence for Talaad Thai, a Thailand-based business associated with the Talaad Thai name and the Pathum Thani area. Available business listings describe Talaad Thai as a market or commercial operator in the retail and wholesale space, serving buyers and sellers through its platform and related services. The site is cataloged in the Other sector, indicating a non-specific business classification in threat-intelligence indexing. It was listed as a ransomware victim associated with lockbit2.

saludparatodos.... appears to refer to a healthcare-related entity; available search results are insufficient to confirm its exact legal name, but the name suggests a health-services provider or clinic. In the broader Zaragoza healthcare context, public sources show a network of primary-care and hospital services in Aragón, including sector-based centers and contact points in Zaragoza. As a catalog listing, the entry should be read as a neutral threat-intelligence record rather than a confirmed breach report. It was listed as a ransomware victim associated with lockbit2.

rexontec.com.tw is the website of Rexon Technology Co., Ltd., a Taiwanese manufacturer based in Taichung City, Taiwan. The company says it has operated since 1990 and focuses on two-way radios and related wireless device production. Its site also describes PCBA, cable assembly, and wire harness services for manufacturing customers. In threat-intelligence catalogs, rexontec.com.tw was listed as a ransomware victim associated with lockbit2.

2easy is a dark web marketplace in the Other sector that Searchlight Cyber describes as specializing in the sale of “logs,” or records harvested by information-stealing malware. KELA likewise characterizes 2easy as a marketplace for stolen credentials and other data obtained from infostealer infections. Public reporting places the operation on the dark web rather than in a conventional business location. It was listed as a ransomware victim associated with lockbit2.

GrupoCabal.cl is a Chilean company based in Colina that specializes in transport services and the distribution of premium buses, representing brands like Irizar and Volvo. The company operates in the transportation sector, offering buses, taxibuses, tires, and related services for secure and comfortable passenger transport. It serves as a representative of prestigious bus manufacturers, with its headquarters linked to Ormaiztegui in Spain, while maintaining operations in Chile. GrupoCabal.cl was listed as a ransomware victim associated with the LockBit2 threat actor.

STU is an entity in the Other sector, but the available search results do not provide a reliable public profile describing its exact location, products, or services. Because of that, its business activity should be treated as unspecified from the evidence provided. In threat-intelligence catalogs, STU is recorded for monitoring and attribution purposes rather than as a description of operational details. STU was listed as a ransomware victim associated with lockbit2.

HINAKA Fluid Power Co., Ltd., operating at hinakaorg.com, is an industrial manufacturer based in Kaohsiung, Taiwan. Founded in 1988, it provides OEM and ODM hydraulic systems, pneumatic systems, oil-air boosting technology, and pneumatic cylinders for industrial use. Its website also highlights product information, company news, and contact resources for customers and partners. It was listed as a ransomware victim associated with lockbit2.

ArcelorMittal is a global steel and mining company headquartered in Luxembourg City, with industrial operations in more than 60 countries and customers worldwide. Its business includes steel production and related industrial products for construction, manufacturing, and infrastructure. The arcelormittal.h... listing appears in a threat-intelligence context for the Other sector. It was listed as a ransomware victim associated with lockbit2.

Mercyhurst University is a private Catholic liberal arts university in Erie, Pennsylvania, in the United States. It serves more than 2,600 students and offers 50+ undergraduate majors, 10+ graduate programs, and 31 athletic teams. The university also provides academic support, study abroad options, and campus life services for traditional and visiting students. It was listed as a ransomware victim associated with lockbit2.

Bolt Burdon is a London, England law firm providing solicitor services to individuals and businesses from its head office in Islington. The firm operates in the legal sector and serves clients through a broad range of professional legal services. Its website is boltburdon.co.uk, and its registered office is Providence House, Providence Place, London, N1 0NT. It was listed as a ransomware victim associated with lockbit2.

redgwick is an entity in the Other sector; available public search results do not provide a reliable official profile for its location or offerings, so those details are not stated here. LockBit 2.0 is a ransomware-as-a-service platform used by affiliates to target organizations and extort victims through file encryption and leak-site pressure. In threat-intelligence indexes, redgwick is cataloged as a victim entry associated with the LockBit2 cluster. It was listed as a ransomware victim associated with lockbit2.

hoffsu is an entity in the Other sector, but the available sources do not provide reliable public details about its location or offerings. Based on the name alone, it cannot be accurately identified as a specific company, product, or organization without risking invention. In threat-intelligence catalogs, such entries are used to index organizations named in ransomware leak lists or victim disclosures. It was listed as a ransomware victim associated with lockbit2.

Optoma.com belongs to Optoma Technology, a Taiwanese visual display company headquartered in Fremont, California, with regional operations across Europe, North America, Asia-Pacific, and China. The company markets and sells projectors, interactive flat panels, large-format LED displays, image processing equipment, and related services for education, corporate, home, entertainment, and large-venue use. Its corporate site presents Optoma as a global provider of visual solutions and support services. It was listed as a ransomware victim associated with LockBit2.

For Costa Rica and US terrorists (Biden and his administration) appears to refer to the Costa Rican government, a public-sector target in Costa Rica that provides national administrative and civic services through multiple ministries and agencies. Reporting on the 2022 incident says Conti disrupted government systems and prompted U.S. cybersecurity support for recovery and resilience efforts. Costa Rica’s response focused on restoring critical government operations and strengthening defensive infrastructure across ministries and agencies. It was listed as a ransomware victim associated with Conti.

boltburdonkemp.... operates within the Other sector, offering services or products that are not classified under standard industry categories, with its primary location in the United States. The entity provides offerings that remain distinct from typical commercial sectors, reflecting a specialized or niche operational focus. It was listed as a ransomware victim associated with the Lockbit2 threat actor, indicating its involvement in a significant cyber incident. This listing underscores the entity's exposure to advanced ransomware tactics employed by Lockbit2. The neutral disclosure confirms its status without detailing specific breach metrics or stolen data types.

www.optoma.com is the corporate website of Optoma, a global provider of display and projection technology serving business, education, and home users. Its offerings include projectors, LED displays, interactive flat panel displays, screens, and related visual solutions. The company is headquartered in Fremont, California, with an international footprint in Europe and other markets. It was listed as a ransomware victim associated with lockbit2.

Channel Navigator business intelligence IT is a Services-sector business intelligence provider based in the United States, focused on IT and telecom sales and marketing use cases. Public product descriptions characterize Channel Navigator as a dynamic platform that helps professionals identify and connect with North American business contacts. In catalog and intelligence contexts, the company is referenced by its business intelligence branding and IT-oriented market focus. It was listed as a ransomware victim associated with kelvinsecurity.

sgservicesud.it belongs to S.G. Service Sud Srl, a services company based in Modugno, Puglia, Italy. The company sells and rents earthmoving, construction, and lifting machinery, and also provides support services such as maintenance, spare parts, and technical assistance. Public company listings describe it as active for more than 40 years in machinery for construction and earthmoving, serving builders and related businesses. It was listed as a ransomware victim associated with lockbit2.

riken-nosan.com belongs to 理研農産化工株式会社, a Japan-based manufacturer headquartered in Fukuoka and Saga, with offices and factories in Japan. The company produces edible oil and flour products for household and industrial use, and also handles related fertilizers and feed. Its website also highlights business and consumer product lines, including oil and wheat products. It was listed as a ransomware victim associated with lockbit2.

Mosaic Eins is a Thailand-based building materials company that focuses on professional lighting solutions and related services. Its website lists offices in Bangkok and Phuket and notes nationwide distribution from warehouses in both cities. The company presents itself as an established local supplier with project references across hospitality, commercial, residential, and food-and-beverage settings. It was listed as a ransomware victim associated with LockBit2.

Bradford Marine is a marine services company based in Fort Lauderdale, Florida, with a presence in Freeport, Grand Bahama. It operates as a full-service superyacht repair facility and marina, offering yacht sales, dockage, refit, and repair services. Public company listings also describe it as family-owned and serving the yachting market since 1966. It was listed as a ransomware victim associated with LockBit2.

PuraPharm Corporation Limited is a Hong Kong-based healthcare company focused on the research, production, marketing, and sale of concentrated Chinese medicine granules. Its business includes Chinese medicine products and related healthcare offerings, with operations and market reach in Hong Kong and international markets. Public company profiles describe it as part of the healthcare and drug-manufacturing sector, with a strong emphasis on botanicals and Chinese medicine. It was listed as a ransomware victim associated with lockbit2.

Alliance Sand & Aggregates, LLC is an Alabama-based supplier of sand and aggregate products for construction, landscaping, and asphalt work. Its website lists a main office in Decatur, Alabama, and a plant office in Phil Campbell, Alabama, with contact details for customer quotes and project bids. The company describes itself as serving projects that need materials such as masonry sand, concrete sand, and gravel products. It was listed as a ransomware victim associated with lockbit2.

agapemeanslove.... is an entity operating in the sector Other, with no specific location or offerings publicly documented beyond its name. The entity functions within an undefined operational scope, as no verified details about its services or geographic presence are available from public sources. It was listed as a ransomware victim associated with Lockbit2, a cybercriminal group known for deploying ransomware-as-a-service attacks. The listing indicates that agapemeanslove.... was targeted by Lockbit2's malicious software, which encrypts files and demands ransom for decryption keys. No official first-party disclosure or breach notification date from agapemeanslove.... has been confirmed.

zine-eskola.eus belongs to Elías Querejeta Zine Eskola (EQZE), a film school and research centre based in Tabakalera, Donostia / San Sebastián, Spain. It operates within the cultural and professional ecosystem of the Tabakalera centre and publishes academic and film-related content, including its ZINE research series. The institution focuses on film education, research, and related projects for filmmakers and the wider cinema community. It was listed as a ransomware victim associated with lockbit2.

CJK Group, Inc. is a privately held U.S. services company based in Brainerd, Minnesota, with businesses in printing, publishing services, and technology/information solutions. Its operations include digital and offset printing, fulfillment, distribution, and supply-chain support for books, magazines, catalogs, journals, and commercial print. Industry profiles describe it as one of the country’s larger printing and publishing services organizations. It was listed as a ransomware victim associated with conti.

Ludwig Freytag Group is a German services-sector company based in Oldenburg, Lower Saxony. It operates as an innovative, versatile construction technology and service group with offerings spanning civil engineering, building construction, deep-water construction, hydraulic engineering, foundations, and bridge works. Company profiles also place it in architectural and related engineering services. It was listed as a ransomware victim associated with revil.

xydias.gr is the website of Costas Xydias S.A., a pharmaceutical distributor based in Athens, Greece, operating from Solomou Street. The company supplies medicines, parapharmaceuticals, and cosmetics to pharmacies and pharmaceutical wholesalers across Greece, and also offers online ordering for pharmacists. Its business profile places it in the broader “Other” sector for cataloging purposes. It was listed as a ransomware victim associated with BlackByte.

usu.org.au is the official site of the United Services Union, an Australian union based in Sydney, New South Wales. The union provides industrial support, member benefits, and assistance for workers, and its site includes a member portal, contact details, and joining information. It also publishes union news and service updates for members across covered industries. The domain was listed as a ransomware victim associated with BlackByte.

ats-insubria.it is the institutional website of ATS Insubria, the Agenzia di Tutela della Salute dell’Insubria, a public health authority in Italy. It serves the Varese and Como area and provides institutional information, territorial offices, training, open data, news, and reserved-access services. Its site also lists contact details and administrative resources for users and stakeholders. It was listed as a ransomware victim associated with blackbyte.

Saskarc Inc. is a commercial and residential construction company based in Oxbow, Saskatchewan, specializing in structural steel fabrication, modular metal solutions, and support of excavation for infrastructure projects. The firm operates with over 30 years of experience delivering structural steel projects for industrial and large-scale infrastructure clients. Saskarc provides bracing, shoring, and anchoring solutions through its affiliated entity infraMOD, serving major infrastructure initiatives across North America. The company was listed as a ransomware victim associated with the LockBit2 threat actor.

Simonson Lumber is a Minnesota-based lumber and building materials company serving residential and commercial customers through multiple locations in central and southern Minnesota. Its St. Cloud operations include retail and distribution sites, and its corporate office is also in St. Cloud, with no sales or inventory at that office. The company offers lumber, building materials, and related supply services through its yard and distribution network. It was listed as a ransomware victim associated with ragnarlocker.

Trans Technology Pte Ltd is a Singapore-based company in the IT and electronics solutions space, operating from Henderson Industrial Park in Singapore. Sources describe it as an SMT solutions provider and a market leader in sales, distribution, service, and technical training for electronic manufacturing equipment. Its profile also notes activity in industrial machinery and equipment distribution. It was listed as a ransomware victim associated with vicesociety.

Caldes de Montbui is a municipality in the Vallès Oriental comarca of Catalonia, Spain, located approximately 35 km north of Barcelona with a population of 18,567 inhabitants. It is renowned as one of the most important thermal destinations in Catalonia, known for its hot springs and wellness offerings, earning the nickname "the town that boils". The local economy includes 1,619 registered enterprises, with a dominant sector in the primary industry and urban development activities. Caldes de Montbui was listed as a ransomware victim associated with the threat actor Vicesociety.

Salud Total is a Colombia-based health services brand associated in public directories with Bogotá, where it appears to operate from multiple local addresses. Sources describe it as a health provider in the broader services sector, with offerings tied to medical or wellness support rather than a single industrial vertical. Public listings also place the organization in Bogotá, Colombia, supporting its identification as a local entity. It was listed as a ransomware victim associated with vicesociety.

Black Bros. Co. is a sixth-generation, family-owned U.S. manufacturing company based in Mendota, Illinois, with a Southeast Division in High Point, North Carolina. Founded in 1882, it designs and manufactures roll-coating, laminating, gluing, and finishing equipment for industrial customers. Its products include individual machines and complete systems used in global manufacturing markets. Black Bros. Co. was listed as a ransomware victim associated with blackbasta.

Top Aces is a defence contractor headquartered in Montreal, Quebec, that provides advanced adversary air and joint terminal attack controller technology and training to leading armed forces globally. The company serves the Canadian Armed Forces, Bundeswehr, United States Air Force, and other NATO allies with contracted airborne training services. As a privately owned entity, Top Aces transforms the aerospace industry through proprietary adversary air technology and live-fly training programs. The organization was listed as a ransomware victim associated with the threat actor lockbit2.

Sportco.com is the online storefront for Sportco & Outdoor Emporium, a Washington-based sporting goods retailer serving outdoor customers from Fife and Seattle. The company offers fishing, camping, hiking, watersports, hunting, and related gear, along with retail support and customer service for online and in-store shoppers. Public site information also identifies its Fife, Washington security contact details and retail locations. It was listed as a ransomware victim associated with lockbit2.

silverbayseafoo... appears in threat-intelligence records as an Other-sector entity in the United States. The listing itself does not identify a public-facing product, service, or organization profile, so a cautious catalog description is limited to the name and sector classification. In this index, it is recorded as a ransomware victim associated with LockBit2.

hansh is an entity operating within the Other sector, with no specific geographic location or defined commercial offerings publicly documented in available sources. As the entity is not widely recognized in standard business registries or industry reports, its precise operational scope remains generally described by its sector classification alone. Despite this lack of specific detail, hansh has been formally included in threat intelligence records as a victim of ransomware activity. The listing identifies hansh as a ransomware victim associated with the LockBit2 threat actor, marking it as part of the broader campaign of cyberattacks attributed to this group. This entry serves as a neutral record within the threat intelligence index, confirming the association without asserting confirmed breach specifics or stolen data types.

Cavender’s is a retail company headquartered in Tyler, Texas, in the United States. It specializes in western wear, including cowboy boots, apparel, and related workwear, and operates stores across multiple states. Founded in 1965, the company is known for its Western-focused merchandise and family-owned retail heritage. In threat-intelligence reporting, Cavender’s was listed as a ransomware victim associated with blackbasta.

Fachgroßhandel is a German term for specialist wholesale businesses that supply trade, craft, and industrial customers with goods and related services. In Germany, this sector spans many product areas, including technical supplies, hygiene, medical aids, and other distribution-focused offerings. As a business category, it operates within the broader trade and logistics landscape and serves professional buyers rather than end consumers. The entity was listed as a ransomware victim associated with blackbasta.

Flexible Circuit Technologies (FCT) is a U.S.-based manufacturer in Minnesota that serves the IT and electronics supply chain. It designs and produces flexible circuits, rigid flex, flexible heaters, membrane switches, plastic moldings, and related advanced interconnect and assembly solutions. The company operates from Minneapolis and supports customers in multiple markets with custom manufacturing capabilities. It was listed as a ransomware victim associated with blackbasta.

IOI is a Malaysia-based conglomerate headquartered in Putrajaya. It operates in the palm oil sector through plantations, refineries, specialty fats and oleochemicals, and related resource-based manufacturing. Public company profiles also describe property development and renewables among its business interests. In threat-intelligence records, IOI was listed as a ransomware victim associated with Stormous.

shimamura.gr.jp is the official website of SHIMAMURA Co., Ltd., a Japan-based retail company headquartered in Saitama, Japan. The company sells general clothing and fashion-related products, including apparel and related household goods, through its group business. Its corporate site also presents company profile, governance, sustainability, and business information. In threat-intelligence listings, shimamura.gr.jp was named as a ransomware victim associated with lockbit2.

Safarni.com operates an online travel-booking service in the airlines and aviation sector, offering flight and hotel reservations through its website and mobile apps. The company presents itself as a travel platform for booking trips and managing related travel services, and publicly lists contact channels in Egypt and the Gulf. Available directory data identifies Safarni as a privately held business with 11–50 employees in Cairo, Egypt. It was listed as a ransomware victim associated with lockbit2.

Saskatchewan Liquor and Gaming Authority (SLGA) is a Saskatchewan public sector Crown corporation based in Regina, Canada. It is responsible for the distribution, control and regulation of beverage alcohol in the province. SLGA also oversees gaming activities, including electronic gaming, charitable gaming and horse racing, and registers provincial gaming employees and suppliers. It was listed as a ransomware victim associated with ransomhouse.

Jefferson Credit Union is a not-for-profit financial institution based in Hoover, Alabama, serving members across Jefferson County and surrounding areas. It offers savings, checking accounts, financial wellness programs, and mobile banking services, functioning similarly to traditional banks. Members can access branches in Hoover, Birmingham, Hueytown, and Fultondale, with ATM access through the Presto! network. The organization operates as a member-owned credit union, requiring an initial deposit of $5 for lifetime membership. Jefferson Credit Union was listed as a ransomware victim associated with the threat actor ransomhouse.

Dellner Couplers AB is a Sweden-based manufacturer of train connection systems for the rail sector, headquartered in Falun, Sweden. The company designs, manufactures, and services couplers, gangways, dampers, and related train systems for rail manufacturers and operators worldwide. Its offerings support safety-critical passenger rail applications and global maintenance needs. It was listed as a ransomware victim associated with ransomhouse.

AHS Aviation Handling Services GmbH is a leading independent provider of comprehensive aviation ground handling services across Germany, operating at 14 major airports including Frankfurt, Munich, and Hamburg. The company offers passenger handling such as check-in and gate services, baggage handling, ramp services including aircraft loading and pushback, flight operations, and station management. Its headquarters are located in Hamburg, with representative operational addresses at key airports nationwide. AHS Aviation Handling Services GmbH was neutrally listed as a ransomware victim associated with the threat actor ransomhouse.

realestateconsu... is a Construction / Real Estate company in the United States, operating in a sector that includes property development, construction services, and related real-estate activities. Public records in the available search results do not provide a fuller corporate profile, so its exact offerings cannot be stated with confidence. In threat-intelligence indexes, it is identified by its company name and industry context rather than by a detailed service catalog. It was listed as a ransomware victim associated with lockbit2.

The National Intellectual Property Management Office (NIPMO) is a South African government entity under the Department of Science, Technology and Innovation, headquartered in Pretoria. It empowers small businesses and innovators by facilitating intellectual property protection, commercialization, and advocacy for publicly financed research. NIPMO delivers workshops, training sessions, and policy guidance to strengthen IP management across the nation’s science and technology sector. The organization was listed as a ransomware victim associated with the LockBit2 threat actor.

mpusd. operates within the Other sector, with no specific geographic location or defined offerings publicly documented. The entity lacks detailed information regarding its core business activities, market presence, or service portfolio. Despite this ambiguity, mpusd. has been identified as a victim of ransomware activity linked to the Lockbit2 threat actor. This listing reflects its inclusion in threat-intelligence records as an affected organization under the Lockbit2 campaign. The association underscores the broader risk environment impacting entities across unspecified sectors.

fnoutlet.com is the website of FN Factory Outlet Public Co., Ltd., a Thai retail and e-commerce company that operates factory outlets across Thailand. Its business focuses on discounted apparel, bedding, household goods, accessories, and gifts through both branches and online channels. The company presents itself as a factory-outlet operator selling apparel and non-apparel merchandise to consumers in Thailand. It was listed as a ransomware victim associated with lockbit2.

Next Leak On Hold is an organization listed in the Other sector, with no public location or service details visible in the available record. The name suggests a standalone entity or site entry rather than a widely documented business profile, so its offerings cannot be confirmed from the evidence provided. In threat-intelligence indexes, such entries typically denote a target named by a leak-site operator rather than a verified breach summary. It was listed as a ransomware victim associated with kelvinsecurity.

PTC Industries Limited is an Indian manufacturing company founded in 1963 and headquartered in Lucknow, Uttar Pradesh, specializing in precision metal components for critical and supercritical applications. The company serves industries including aerospace, defense, oil and gas, LNG processing, marine, energy, and petrochemical sectors through advanced manufacturing, castings, and precision CNC machining. It produces high-quality components and sub-systems for critical applications, including titanium and superalloy facilities for defense projects like BrahMos. PTC Industries Limited was listed as a ransomware victim associated with kelvinsecurity.

Rollecate Group is the leading façade construction company in the Netherlands, specializing in custom solutions for aluminium, steel, uPVC, and composite façade systems and components. Founded in Staphorst in 1954, the company operates divisions for aluminium, plastic, steel, composite, glass, maintenance, and export, serving both interior and exterior applications. The organization provides high-quality façade construction and window frames, leveraging 65 years of industry experience to deliver demanding custom projects. Rollecate Group was listed as a ransomware victim associated with the BlackBasta threat actor.

Sole Technology, Inc. is a U.S.-based company headquartered in Lake Forest, California. It designs, produces, and distributes action-sports footwear and apparel, including skate shoes and related gear. Public company profiles describe it as a global brand with operations and distribution in multiple countries. In threat-intelligence records, soletechnology.com was listed as a ransomware victim associated with blackbasta.

liceu.barcelon appears to be a Barcelona-based property or venue in the tourism and hospitality space, tied to the city’s cultural and visitor economy. Barcelona’s Liceu is centered on La Rambla and is associated with the Gran Teatre del Liceu, a historic opera house that stages opera, concerts, and guided visits. The entity is cataloged in a Hospitality / Food & Beverage / Tourism context and is relevant to travel, leisure, and guest-facing services. It was listed as a ransomware victim associated with lockbit2.

delcourt.fr is the website of Groupe Delcourt, a French publishing company based in Paris. The group is known for comics, graphic novels, and youth literature, and operates from France with offices in Paris and Toulon. It is part of the broader publishing sector and serves readers and retailers through its catalogue and imprints. The site was listed as a ransomware victim associated with lockbit2.

Tosoh Corporation is a Tokyo, Japan-based chemical and specialty materials company that serves industrial and manufacturing customers worldwide. It produces basic chemicals, plastic resins, and other materials used across modern industry, with operations in Japan and overseas. The company is part of a broader group of chemical and specialty products businesses. It was listed as a ransomware victim associated with lorenz.

willsent is a company in the broad Other sector; publicly available threat-intelligence listings do not provide a verified business description, location, or product line. In this index entry, the name appears as a ransomware victim record rather than an operational profile. The associated threat actor is Mindware, a ransomware group tracked for targeting organizations across multiple sectors. The listing identifies willsent as a ransomware victim associated with Mindware.

Welplaat is an organization in the Netherlands classified in the Other sector. Public threat-intelligence listings identify it as a victim name associated with a ransomware exposure event. No verified public source in the provided results describes its products, services, or operating footprint in detail. The listing was recorded under the Mindware ransomware group and should be read as a threat-intelligence reference, not a confirmed breach disclosure.

Tosh Farms is an agriculture and food business based in Henry, Tennessee, with operations in pig production across Tennessee and Kentucky. Its website says the company raises pigs on more than 18,000 acres and identifies Tosh Farms as the largest pork producer in Tennessee. Public business listings place its headquarters at 1586 Atlantic Avenue, Henry, Tennessee. It was listed as a ransomware victim associated with mindware.

thebureau is a Miami-based cannabis packaging company that designs and manufactures specialty packaging and vape hardware. Its offerings include customizable jars, tubes, bags, boxes, and all-in-one vapes for cannabis brands. Public listings describe it as a full-service product development, sourcing, design, and production business in the packaging sector. It was listed as a ransomware victim associated with mindware.

SMD is an Other-sector organization; public records in the available search results do not identify a more specific industry, location, or offering. In threat-intelligence indexing, it is best described by its company name and sector only, without adding unverified operational details. Mindware is a ransomware group first reported in 2022 and associated with double-extortion activity against organizations across multiple industries. SMD was listed as a ransomware victim associated with Mindware.

Simpson Plastering, LLC is an Alabama-based subcontractor headquartered in Birmingham, with a second office in Belmont, North Carolina. The company provides stucco, EIFS, plastering, panel installation, and custom wall finish services for owners, construction companies, and general contractors. Public business listings place its core operations in Birmingham and note service coverage across the Southeast. It was listed as a ransomware victim associated with mindware.

Nott Company is a U.S.-based industrial distributor and engineering supplier headquartered in Arden Hills, Minnesota, with multiple Midwest locations. It provides fluid power products and systems, industrial power transmission products and systems, custom rubber fabricated products, and material handling equipment. Company materials also describe hydraulic system design and OEM integration services. It was listed as a ransomware victim associated with mindware.

micropakkn is an entity operating within the Agriculture and Food sector, providing services relevant to grain, livestock, or crop production in the United States. While specific location details and full offerings are not publicly documented, the entity functions as part of the broader agricultural services landscape supporting food supply chains. The organization was listed as a ransomware victim associated with the Mindware threat actor, which claimed the incident on May 5, 2022. No official confirmation of data theft or breach specifics is available from primary sources, and the entity has not issued a formal public disclosure regarding the incident. This listing serves as a neutral record of the claimed association between micropakkn and the Mindware ransomware group.

Mediuscorp is a Morgan Hill, California-based services company in the printing sector, operating from 15850 Concord Circle. It describes itself as an experienced provider of print production and related services, with offerings that include printing, finishing, packaging, kitting and assembly, fulfillment, and logo merchandise. The company also promotes customer communication through its sales and customer service teams and lists a local contact number and email on its site. It was listed as a ransomware victim associated with mindware.

Diager is a French manufacturing company based in Poligny, in the Jura department of Bourgogne-Franche-Comté, France. It describes itself as a leading maker of professional tools, including drilling products, and says it manufactures nearly one million tools per year. Public company profiles also place Diager in the manufacturing sector and identify its headquarters in Poligny. Diager was listed as a ransomware victim associated with Mindware.

Callinc is a U.S. services company that appears to operate in cold calling, call center, or outbound sales support based on available business listings and service descriptions. In this sector, firms typically help clients with phone outreach, lead generation, and customer contact workflows. Publicly available information about its exact offerings and location is limited. It was listed as a ransomware victim associated with Mindware.

Allwell is a U.S. Medicare Advantage product offered through local health insurers under the Wellcare by Allwell brand. It operates in multiple states and provides Medicare Part C coverage, with some plans including prescription drug, dental, vision, hearing, and other supplemental benefits. Public plan information also shows member and provider support channels and a mailing address in Van Nuys, California. The company was listed as a ransomware victim associated with Mindware.

Aco Rent a Car is a car rental company that operates in the United States, with locations and airport service in Miami, Fort Lauderdale, Orlando, and other markets. Its website promotes low-cost rentals, shuttle-supported airport pickups, and a range of vehicle options for travelers. Public listings also place its headquarters in Florida, reflecting a regional rental operation with multiple pickup points. It was listed as a ransomware victim associated with mindware.

Jewelry consists of decorative items worn for personal adornment such as rings, necklaces, earrings, and bracelets. The global jewelry market was valued at approximately USD 286 billion in 2025 and is projected to grow steadily through 2034, with the U.S. dominating North America and India leading Asia Pacific. The industry offers diverse products including diamond, gold, and gemstone jewelry, supported by services like engraving and repair, and increasingly embraces digital design, 3D printing, and virtual try-ons for personalized experiences. Jewelry stores operate under NAICS code 44831 in the U.S., with over 73,000 businesses generating about $60 billion in revenue. This entity was listed as a ransomware victim associated with LockBit2.

ELTA Hellenic Post is Greece’s national postal service, headquartered in Athens, and it provides domestic and international postal, logistics, philately, financial, and bancassurance services. It also operates a nationwide retail network serving customers across Greece. In threat-intelligence indexing, it is identified as a ransomware victim entry. The listing is associated with vicesociety.

Haynes Manuals is a publishing company best known for owner’s workshop and repair manuals for cars, motorcycles, and related machinery. It operates from Sparkford, Somerset, United Kingdom, and serves readers with print and digital DIY repair guides through its Haynes brand. The company’s offerings are aimed at vehicle maintenance, servicing, and customization, making it a recognized name in technical publishing. It was listed as a ransomware victim associated with vicesociety.

Zito Media is a telecommunications company headquartered in Coudersport, Pennsylvania, in the United States. It provides cable television, high-speed internet, digital voice, WiFi, mobile, and business services in select markets, with offerings that vary by location. The company serves residential and commercial customers and supports small business communications needs. In threat-intelligence indexing, Zito Media was listed as a ransomware victim associated with blackbasta.

FAW-Volkswagen Automobile Co., Ltd. is a large passenger automobile manufacturer based in Changchun, Jilin, China. It is a joint venture of FAW Group and Volkswagen Group and produces Audi and Volkswagen-branded passenger cars for the Chinese market. The company operates multiple assembly plants in China and is part of Volkswagen Group China’s local manufacturing network. It was listed as a ransomware victim associated with hive.

Tosoh Bioscience, Inc. is a U.S.-based subsidiary of Tosoh Corporation, headquartered in Tokyo, Japan, with operations in Grove City, Ohio. It markets clinical diagnostics systems and reagents, including immunoassay and HPLC A1C platforms, and serves laboratories in the bioscience and diagnostics sector. Tosoh Corporation also describes the wider group as a diversified chemical and specialty materials company. Tosoh Bioscience was listed as a ransomware victim associated with lorenz.

Rogz is a South African pet brand based in Cape Town, Western Cape, that designs, manufactures, and distributes pet accessories and gear for dogs and cats. Its product range emphasizes safety, quality, function, and comfort, and the company says it sells into more than 90 countries. Rogz also describes a retail category management system used to support merchandising in stores. The entity was listed as a ransomware victim associated with lockbit2.

Nizing Electric Wire & Cable Co., Ltd. is a Taiwan-based manufacturer headquartered in New Taipei City, Taiwan, serving industrial and commercial cable markets. Its website presents products and applications such as heavy-duty cable, military-spec signal control cable, and other wire-and-cable solutions for sectors including semiconductor, robotic, and steel industry use. The company operates from Sanchong District in New Taipei City and markets its offerings through a multilingual corporate site. It was listed as a ransomware victim associated with lockbit2.

aref.government... appears to be a United States Public Sector government entity, likely tied to a public-service or administrative function based on its domain-style name. Public sector organizations provide civic, regulatory, and operational services to residents and businesses, and they are frequent ransomware targets. Threat-intelligence reporting shows government agencies are among the sectors most affected by ransomware activity. It was listed as a ransomware victim associated with lockbit2.

EYP is a U.S.-based professional services firm known for architecture and engineering work, with headquarters in Albany, New York, and offices in cities including Boston and Washington, DC. Its services focus on design and project delivery across built-environment and infrastructure work. Public company profiles describe it as operating in the other sector rather than a single regulated industry. EYP was listed as a ransomware victim associated with Conti.

Asia Pacific University of Technology & Innovation (APU) is a private university in Kuala Lumpur, Malaysia, located at Technology Park Malaysia in Bukit Jalil. It offers a range of undergraduate and postgraduate programmes with a strong focus on technology and innovation, alongside education-related study areas. The institution serves the education sector and operates as a higher-education provider in Malaysia. It was listed as a ransomware victim associated with vicesociety.

Unicity International is a wellness and fitness services company headquartered in Provo, Utah, that designs and develops innovative nutritional products for healthy living. The organization operates globally with locations in the United States, Japan, Canada, Thailand, and Switzerland, serving Members and Customers worldwide. It provides nutritional offerings that make healthy living doable in an on-the-go world, supported by a large workforce of over 2,360 employees. Unicity International was listed as a ransomware victim associated with the threat actor revil.

The Municipality of Posadas is the capital city of Misiones Province in northeastern Argentina, functioning as a key administrative and public service center for the region. It oversees essential government operations, cultural initiatives, and economic activities including wood and iron manufacturing, while serving a population exceeding 324,000 residents. As a central hub in the Public Sector, the municipality provides critical services to local citizens and coordinates regional development efforts. The Municipality of Posadas was neutrally listed as a ransomware victim associated with the threat actor kelvinsecurity.

bfclcoin is an entity operating in the sector Other, with no specific geographic location or defined offerings publicly documented. As a general category based on its name, it lacks verified operational details regarding products, services, or market presence. The entity was listed as a ransomware victim associated with the kelvinsecurity threat actor, as discovered by ransomware tracking sources. This listing indicates bfclcoin was targeted by kelvinsecurity's ransomware operations, though no breach specifics are confirmed. The association remains part of the broader threat-intelligence index tracking kelvinsecurity's victim timeline.

Instance IT Solutions India is a leading IT solutions company headquartered in Surat, Gujarat, specializing in secure custom software solutions for business automation globally. The firm offers end-to-end services including web development, mobile apps, ERP, digital marketing, and enterprise solutions for diverse industries such as finance, healthcare, and manufacturing. With expertise across 70+ industries and over 750 projects delivered, it serves small businesses and micro-enterprises primarily in India. Instance IT Solutions India was neutrally listed as a ransomware victim associated with kelvinsecurity.

fivestar is reported in search results as Five-Star Business Finance Ltd., an Indian non-banking financial company in the financials sector. It provides secured loans to small business owners, self-employed individuals, micro-entrepreneurs, and related small mortgage financing services across South India. The company is also described as operating as a specialized financial services provider focused on underserved borrowers. In threat-intelligence listings, fivestar was named as a ransomware victim associated with lockbit2.

Jameco Electronics is an electronic components distributor based in Belmont, California, in the United States. Founded in 1974, it supplies parts and components to businesses, educational institutions, and hobbyists. The company describes itself as an authorized distributor with more than 50 years in business. It was listed as a ransomware victim associated with blackbasta.

PRGX Global Inc. is an Atlanta, Georgia-based company that provides recovery audit and spend analytics services to organizations in more than 30 countries. Its offerings help large enterprises identify savings, recover lost profit, and improve source-to-pay performance through technology-enabled analytics. PRGX operates as a global services provider serving complex corporate clients across multiple regions. It was listed as a ransomware victim associated with blackbasta.

The Scholz Group is a leading European scrap recycler and one of the largest recycling companies for ferrous and non-ferrous metal worldwide, operating more than 180 sites globally. Based in Germany with regional presence in Poland, Austria, the Balkans, and the Czech Republic, the group focuses on the recovery and processing of scrap metals and other materials. It describes itself as a key company in raw materials recycling in Germany and Europe, specializing in steel and metal scrap. The Scholz Group was listed as a ransomware victim associated with the threat actor blackbasta.

Erediriva.it represents Eredi Riva geom. Mario S.r.l., a construction company based in Galbiate, Italy, within the civil and industrial building sector. The firm specializes in constructing residential and industrial buildings while directly managing the sale and rental of its real estate operations. Operating for over 30 years in the Lecco area, the company guarantees quality and attention to detail in its construction projects. Erediriva.it was listed as a ransomware victim associated with the LockBit2 threat actor.

CWA Engineers Inc. is a Vancouver, British Columbia-based multidisciplinary engineering and project management company. It provides professional services for industrial projects, including mining and minerals, ports, bulk material handling, and related processing systems. The company is known for EPCM-style support and project-specific solutions across complex material-handling environments. In threat-intelligence records, CWA Engineers was listed as a ransomware victim associated with LockBit2.

Åge Nilsen is a plumbing company based in Tromsø, Norway, with its office at Ringvegen 9 and a public website at agenilsen.no. The company describes itself as Nord-Norges ledende rørleggerbedrift, indicating a leading regional role in plumbing services. Public corporate coverage also identifies it as a construction-related business with work in large projects. The listing identifies agenilsen.no as a ransomware victim associated with lockbit2.

Limited May Access Sale appears in the ransomware listing for Everest, a group known for posting victim names and threatening data leaks if demands are not met. Publicly available intelligence does not identify its industry beyond the label “Other,” and no verified location or commercial offerings are provided in the available sources. The entry is best understood as an incident listing tied to Everest’s extortion activity, not as a detailed company profile. It was listed as a ransomware victim associated with everest.

FRANSABANK S.A.L. is a leading Lebanese financial group established in 1921, offering commercial, retail, corporate, and investment banking services to individuals and SME clients in Lebanon. The bank provides trade finance, project finance, and private banking solutions, supporting small and medium-sized enterprises through diverse financial offerings. Headquartered in Beirut, FRANSABANK ranks among the top four leading financial groups in Lebanon and serves a majority of Lebanese individuals and private clients. The entity was neutrally listed as a ransomware victim associated with the threat actor blackbyte.

M+R SPEDAG GROUP is a family-owned transport and logistics company headquartered in Muttenz, Switzerland, serving clients through freight forwarding, overland services, project logistics, customs clearance, and related logistics solutions. Its service profile includes container transport and combined road-rail transport, with a focus on tailored logistics for industry sectors such as fashion, lifestyle, and consumer goods. The company operates in the Services sector and maintains its headquarters in Muttenz, Basel-Landschaft. It was listed as a ransomware victim associated with blackbyte.

SOGEGROSS SPA is an Italian wholesale company based in Genoa, Liguria, specializing in non-specialized distribution of food, beverages, and tobacco products. The company supplies frozen food, fresh fruits, vegetables, beverages, baked products, and meat products to retailers and businesses across Italy. Operating since 1925, it serves over 1,000 employees through its cash-and-carry and retail brands including Basko and Doro Supermercati. SOGEGROSS SPA was listed as a ransomware victim associated with the blackbyte threat actor.

Vestas is a Denmark-based energy company headquartered in Aarhus. It designs, manufactures, installs, and services wind turbines and related renewable energy solutions for customers worldwide. The company operates across global markets and maintains offices and production sites in multiple countries, including the United States. It was listed as a ransomware victim associated with lockbit2.

CPQD, the Centro de Pesquisa e Desenvolvimento em Telecomunicações, is a Brazilian research and development center focused on telecommunications and blockchain solutions for sectors including Finance, Legal, and Insurance. It develops blockchain technologies, though none of its sensitive blockchain solutions are currently in use by Banco Central do Brasil. The organization clarified that alleged leaked repositories were internal test data without personal or sensitive information. Despite ransomware group LV claiming a 1.8TB data leak involving blockchain servers, CPQD stated no personal data was leaked and no client solution was compromised. CPQD was listed as a ransomware victim associated with the LV threat actor.

State Bar of Georgia is a nonprofit legal organization based in Atlanta, Georgia, that serves the state’s lawyers and supports the public interest in the administration of justice. Its work includes bar membership functions, professional standards, and services for members across Georgia. Public listings place it in Atlanta with additional Georgia locations, reflecting its statewide role. It was listed as a ransomware victim associated with bitlocker.

ethiopianai is an Ethiopia-based entity associated with the Other sector, a broad category used for organizations that do not fit standard industry labels. Public search results do not provide enough reliable detail to describe its specific offerings or operating model with confidence. In threat-intelligence indexing, it appears as a named victim entity rather than a verified breach source. It was listed as a ransomware victim associated with lockbit2.

card is identified in the Other sector, with no reliable public detail in the provided sources confirming a specific industry, location, or offering set. As a result, the entity can only be described conservatively as a named organization associated with an unspecified business profile. The available threat-intelligence context places it among victims referenced in connection with LockBit 2.0, a ransomware-as-a-service operation active across many sectors. It was listed as a ransomware victim associated with lockbit2.

Collegiate sports medicine is a specialized healthcare sector in the United States that delivers injury prevention, diagnosis, and treatment services to collegiate athletes through certified athletic trainers and sports medicine physicians. It offers comprehensive care including non-operative treatments, physical therapy programs, concussion management, and rehabilitation to support recovery and long-term health for student-athletes. This field operates within academic institutions and affiliated clinics, integrating orthopedics, sports cardiology, and employee health services to ensure athlete safety and performance. Collegiate sports medicine was listed as a ransomware victim associated with the threat actor everest.

ZDG LLC is a privately held construction management company headquartered in New York City, serving the New York Metro Area. It provides full-service preconstruction, construction, and post-construction support for complex projects across sectors such as residential, healthcare, hospitality, institutional, mixed-use, and services. The company’s published services include conceptual estimates, budgeting, site investigation, as-built condition reviews, constructibility reviews, and abatement program coordination. It was listed as a ransomware victim associated with lockbit2.

SMTUC, or Serviços Municipalizados de Transportes Urbanos de Coimbra, is a municipal public transport operator in Coimbra, Portugal, responsible for managing the city's bus and trolleybus networks. The organization provides essential urban transportation services, including route planning, stop positioning, and fare integration for residents and visitors. It operates as a structure under the Coimbra City Council, ensuring the public service of urban transport across the region. SMTUC was listed as a ransomware victim associated with the threat actor Lockbit2.

orthopaedie-app... appears to be an orthopaedic care brand or application tied to the health services sector, but the public record in this query does not identify a precise legal entity or location. Orthopaedic practices and related apps typically support patient access to specialist care, urgent visits, and scheduling tools, reflecting a clinical services offering. Because the entity name is truncated, the safest description is a generic health-sector listing rather than a more specific corporate profile. It was listed as a ransomware victim associated with lockbit2.

Regina Public Schools is the public school division for Regina, Saskatchewan, Canada, serving the city’s Anglophone secular K-12 education system. It is one of Saskatchewan’s largest school divisions and offers elementary and high school programs, along with services such as newcomers support, night school, and outdoor environmental education. The district is headquartered in Regina and serves approximately 25,000 to 26,000 students. It was listed as a ransomware victim associated with alphv.

Sage Fruit is a Yakima, Washington-based produce company that sells and markets fresh apples, pears, and cherries. It operates in the food and beverage services sector and has described itself as a grower, packer, and shipper serving customers in produce distribution. Public business listings place its headquarters in Yakima, reflecting its role in the U.S. fruit supply chain. It was listed as a ransomware victim associated with lockbit2.

p is listed in the Other sector in the United States, but the available record does not provide a verified corporate profile, location beyond country, or stated offerings. In threat-intelligence catalogs, such entries are typically used to index organizations or entities named in ransomware leak-site reporting when public business details are limited. The listing places p in a LockBit 2-related victim set, reflecting a ransomware exposure record rather than a confirmed operational summary. It was listed as a ransomware victim associated with lockbit2.

hispanoamerican... is listed as a telecommunications entity, a sector that provides network connectivity, communications services, and related technology offerings to businesses and consumers. Publicly available search results do not clearly identify its exact corporate name, headquarters, or product portfolio, so this description stays limited to the sector shown in the listing. Telecommunications companies typically support voice, data, and digital infrastructure across regional markets. It was listed as a ransomware victim associated with lockbit2.

Seven Generations Education Institute (SGEI) is an Indigenous-led educational organization in Ontario, Canada, serving learners through high school, post-secondary, and employment training programs. It also offers customizable training, Ontario-approved micro-credentials, and employment resources from its main campus in Kenora and related community settings. SGEI says it is governed by the First Nations communities surrounding its main campus and has operated for four decades. The entity 7generations.org was listed as a ransomware victim associated with lockbit2.

w is listed as an entity in the Other sector, but the available source material does not provide enough verified detail to identify its location, offerings, or business profile with confidence. LockBit 2.0 is a ransomware-as-a-service operation that has affected organizations across multiple industries and countries, according to threat-intelligence reporting. In catalog context, w should be treated as a minimally described victim record rather than a fully profiled company. It was listed as a ransomware victim associated with lockbit2.

Valley Rentals is a Netherlands-based real estate business focused on renting out apartments in well-regarded districts of The Hague. Its offering centers on residential rental brokerage and arranging rental agreements for available properties. The company operates in the construction and real estate sector, where rental marketing and tenant placement are core services. It was listed as a ransomware victim associated with quantum.

Hufcor is a U.S.-based company headquartered in Janesville, Wisconsin, that manufactures and distributes operable partitions, movable walls, room dividers, and airwalls. It presents itself as a global industry leader in flexible space-management solutions and related professional services. Its products are used to divide and reconfigure interior spaces for commercial and institutional settings. Hufcor was listed as a ransomware victim associated with Quantum.

Grosvenor Engineering Group is an Australian-owned building services company based in Moorebank, New South Wales, with operations across Australia and New Zealand. It provides HVAC, fire services, electrical systems and advisory services for existing and new buildings, supporting technical asset management for commercial properties. Founded in 1994, it serves property portfolios and building owners with maintenance, design and refurbishment work. It was listed as a ransomware victim associated with quantum.

Drive Products is a Canada-based company in the communication and marketing-related commercial vehicle and truck equipment sector, headquartered in Mississauga, Ontario, with locations across Canada. It describes itself as a leading supplier of truck-mounted equipment and a one-stop shop for work trucks, offering products, services, system integration, upfitting, fabrication, and manufacturing. The company says it has more than 40 years of experience and supports a nationwide branch and partner network. It was listed as a ransomware victim associated with quantum.

Petro Serve is a Qatar-based company in the Agriculture / Food sector, operating from QA. Public company profiles do not provide detailed product lines, so the business can only be described at a sector level without adding unsupported specifics. In threat-intelligence indexing, it is identified by name, country, and industry to help analysts distinguish it from similarly named firms. It was listed as a ransomware victim associated with quantum.

Henry is a US company in the construction and real estate sector, known for supplying building and roofing materials and related products. Public reporting describes Henry Company as a California-based construction supply business serving commercial and residential markets. Its operations sit within a sector that is frequently targeted by ransomware actors because of its project, procurement, and customer data flows. It was listed as a ransomware victim associated with quantum.

brid is listed in the Other sector, but no reliable public profile in the available sources identifies its exact location, core offerings, or business model. In threat-intelligence cataloging, such entries are typically recorded under the company name when public-facing corporate details are limited or not yet verified. LockBit 2.0 is a ransomware-as-a-service variant associated with double-extortion tactics and broad victim targeting across industries. It was listed as a ransomware victim associated with lockbit2.

Remar is an Ecuador-based logistics company, also identified as ULOG Ecuador, operating in the transportation and logistics sector. Public incident reporting describes it as a firm serving shipping and logistics needs in Ecuador. In threat-intelligence records, it appears under the name remar.com.ec and is associated with the other sector classification. It was listed as a ransomware victim associated with lockbit2.

Jasper County Sheriff's Office is a public-sector law enforcement agency serving Jasper County, South Carolina, from Ridgeland. It provides patrol, criminal investigations, records access, emergency response, dispatch, and other sheriff’s office services for county residents. The office also handles incident reporting, warrants, and community-facing public safety support. In this ransomware victim listing, it was associated with onyx.

Monterey Mechanical Co. is a California-based industrial contractor and metal fabricator headquartered in Oakland, with operations centered in the San Francisco Bay Area. The company describes its work in complex water and wastewater projects, industrial facilities, metals fabrication and installation, HVAC, and odor control. Industry directories also list contractor specialties that include general engineering and related industrial services. The company was listed as a ransomware victim associated with Hive.

watermarkbeachr is an entity operating in the Other sector, with no specific geographic location or defined offerings publicly documented. As its name and sector suggest minimal public data, it is generally described by its classification rather than detailed operational specifics. The entity was listed as a ransomware victim associated with lockbit2, reflecting its inclusion in threat-intelligence records regarding this cybercriminal group. This listing type categorizes watermarkbeachr within the broader context of lockbit2's ransomware victim portfolio. No confirmed breach details, stolen data types, or record counts are available for this entity.

Mercadocar Mercantil Ltda. is a Brazilian services company focused on automotive retail. Public company profiles describe Mercadocar as an auto parts and accessories business serving both consumers and businesses, with operations in Brazil. It is associated with the broader automotive services and retail market. The company was listed as a ransomware victim associated with vicesociety.

Suhl is a city in Thuringia, central Germany, on the Lauter River in the Thuringian Forest, and it is known for a long industrial and civic history. Today, it functions as a municipal public-sector center, with local government and community services serving residents in and around the city. Public records and city-related listings also show municipal procurement and service activity in Suhl. It was listed as a ransomware victim associated with vicesociety.

Motive Energy is a leading supplier in the energy sector, operating across the United States with a focus on solar, energy storage, and EV charging solutions. For over fifty years, the company has delivered customized, innovative energy management systems to meet diverse business needs. It provides best-in-class products for the material handling industry, including batteries, chargers, and watering systems. Motive Energy was listed as a ransomware victim associated with the threat actor lv.

bri refers to Bank Rakyat Indonesia, a major financial institution operating in the Other sector within Indonesia, providing banking and digital financial services to individuals and corporations. The entity is known for its extensive network of branches and digital platforms that support regular banking operations without disruption. It was listed as a ransomware victim associated with LockBit2, a ransomware-as-a-service group that emerged in 2021 and has claimed to target thousands of companies globally. While LockBit2 affiliates employ double extortion techniques including data encryption and exfiltration, bri has confirmed its systems remain unaffected by similar ransomware threats. The listing serves as a reference point for threat-intelligence analysts monitoring ransomware victim patterns in the Indonesian financial sector.

Associazione Bancaria Italiana (ABI) is a voluntary, non-profit trade association for the Italian banking sector, based in Rome with additional offices in Milan, Brussels, and Frankfurt. It represents and supports banks and financial operators through studies, information, technical assistance, training, and sector events. ABI also publishes analysis and guidance on issues affecting the banking and finance industry. It was listed as a ransomware victim associated with vicesociety.

Domingues e Pinho Contadores is a Brazilian accounting and business-management firm based in Rio de Janeiro, with offices in São Paulo and Macaé. It provides accounting outsourcing and related services for national and international clients, including fiscal, payroll, financial, and tax consulting. Public company profiles also describe it as a reference in accounting outsourcing and business management in Brazil. It was listed as a ransomware victim associated with vicesociety.

Building Plastics, Inc. is a U.S. wholesale decorative surfacing and building materials company based in Memphis, Tennessee, with operations in Mississippi. It distributes flooring, laminate, hardwood, tile, carpet, countertops, and other decorative surfacing products to dealers, contractors, and commercial clients. The company serves the manufacturing and engineering supply chain through sales, logistics, and related support services. It was listed as a ransomware victim associated with vicesociety.

Fonseca Supermarkets is a retail and e-commerce grocery business in Brazil, offering supermarket goods through physical and digital channels. As a grocery operator, it fits the broader sector where online ordering and omnichannel shopping increasingly shape customer demand and fulfillment. In threat-intelligence indexing, it is identified by name and sector for cataloging and trend analysis. It was listed as a ransomware victim associated with vicesociety.

GOLDENDUCK GROUP is a leading cinema system integrator headquartered in Bangkok, Thailand, with offices across Southeast Asia including the Philippines, Malaysia, Vietnam, and Singapore. The company provides comprehensive cinema and auditorium services from conception and design through digital projection, audio equipment, cinema operation, and technical support. Over 40 years since its 1978 establishment, GOLDENDUCK GROUP has served more than 1,000 screens regionally and is recognized as Southeast Asia's largest digital cinema systems integrator. The firm also specializes in ProAV, broadcast equipment, digital film mastering, and content duplication. GOLDENDUCK GROUP was listed as a ransomware victim associated with the threat actor Vicesociety.

Pacific Maritime Industries Corp. is a Services-sector company based in San Diego, California, that supplies maritime-related products and support for the U.S. Navy, ship repair yards, and commercial maritime operations. Public profiles describe it as a federal contractor and supplier of shipboard furnishings and related goods, reflecting a business focused on maritime logistics and outfitting. In threat-intelligence catalogs, it was listed as a ransomware victim associated with onyx.

WAYNE FAMILY PRACTICE, ASSOC., P.C. is a medical group practice in Jesup, Georgia, with locations on Peachtree Street and Colonial Way. It provides family medicine and nursing services, including primary care and telehealth, for local patients. The practice operates as a healthcare provider serving the Jesup area. It was listed as a ransomware victim associated with onyx.

Advantage Direct Care is a provider associated with the direct care field, a healthcare-adjacent service sector that supports individuals needing personal assistance and related care. Public listings suggest a U.S.-based organization, but available sources do not clearly document a detailed public company profile, services list, or headquarters location. In threat-intelligence cataloging, it is referenced as a ransomware victim entry. The listing identifies Advantage Direct Care as a ransomware victim associated with onyx.

C&C FARMERS’ SUPPLY CORP is a Virginia farm-supply business serving agricultural and dairy customers with equipment, feed, and related supplies. Everstead Farm Supply states that C&C Farm Supply was its former name and that the business has supported Virginia dairy farmers since 1979. The company operates in the Agriculture / Food sector and is associated with U.S. farm retail operations. It was listed as a ransomware victim associated with onyx.

Semaphore Solutions Inc is a Canada-based services company focused on laboratory informatics and custom software for R&D, molecular biology, and other lab workflows. It operates from Victoria, British Columbia, and serves clients across North America and Europe. Its offerings include lab information management, workflow optimization, and software modernization for scientific and environmental monitoring use cases. It was listed as a ransomware victim associated with onyx.

Ackerman Plumbing Inc is a services-sector plumbing contractor based in Sarasota, Florida, serving commercial clients across Florida and providing full-service plumbing work. Its public site describes it as a commercial plumbing contractor headquartered in Sarasota and serving the Tampa-to-Naples corridor. The company operates under the Ackerman Plumbing name and promotes plumbing installation, repair, and maintenance services. It was listed as a ransomware victim associated with onyx.

LARON is an OTP Industrial Solutions company serving industrial customers with mechanical and electric motor repair, fabrication, machining, engineering, field service, and installation support. It operates from Kingman, Arizona, and is described by OTC Industrial Technologies as a provider to sectors including power, mining, petrochemical, water and wastewater, and manufacturing. Its offerings center on industrial equipment repair and custom manufacturing for heavy industry. The company was listed as a ransomware victim associated with Conti.

Levantina, Ingeniería y Construcción is a Spanish construction company based in Alberic, Valencia, with offices also listed in Valencia and Madrid. Public business directories describe it as active in building construction and major infrastructure projects, including rail, highway, and road works. Its corporate listing also identifies it as Levantina Ingenieria y Construccion SL, with a registered presence in Madrid. It was listed as a ransomware victim associated with vicesociety.

Stratton Finance is an Australian finance broker that arranges car and asset finance through a network of lenders and insurers. It operates in the Finance, Legal, and Insurance ecosystem and serves customers through offices across major Australian cities and a national franchise network. Public descriptions say it is one of Australia’s largest car and asset finance brokers, with accreditation from more than 40 lenders and insurers. It was listed as a ransomware victim associated with vicesociety.

Est Ensemble is a French territorial public establishment in the Greater Paris Metropolis, serving nine municipalities in Seine-Saint-Denis. It coordinates local public services and projects aimed at improving daily life for about 408,000 residents. The organization operates in the public sector and manages a broad local-government remit, including community services and territorial development. It was listed as a ransomware victim associated with vicesociety.

Tehama County Social Services is a public sector county agency in Red Bluff, California, serving residents through local social assistance programs. Its services include public assistance such as CalFresh, Medi-Cal, CalWORKs, and related eligibility support, with offices and contact channels for applications and case services. The agency operates from the Tehama County government system and serves families and individuals seeking aid. It was listed as a ransomware victim associated with quantum.

Ragle Incorporated is a Newburgh, Indiana-based services company that operates as a highly diversified highway and bridge contractor. It provides heavy civil, commercial, and related construction services, with project capabilities that include roadway work, bridge construction, paving, grading, and drainage systems. Public business listings also place the company in Texas alongside its Indiana headquarters. In threat-intelligence records, Ragle Incorporated was listed as a ransomware victim associated with blackbasta.

Hydromax USA is a U.S.-based utility field services company founded in 2003 and headquartered in Flower Mound, Texas, with additional operations in Evansville, Indiana. It provides advanced data collection, condition assessment, and maintenance services for gas, water, and wastewater utilities, using analytics and technology to support infrastructure safety and efficiency. Company materials describe it as a professional services provider focused on helping utilities manage aging conveyance systems and renewal planning. It was listed as a ransomware victim associated with lockbit2.

Attica Group is a Greece-based holding company active in passenger shipping, travel agency, and cargo services. With a 30-year presence on Greek and international seas, it leads the coastal passenger shipping sector and operates among the largest ferry fleets in the region. The group offers shipping, transportation, and leisure connections between Greece and Italy in the Adriatic Sea, as well as routes to the Cycladic, Dodecanese islands, and Crete. It merged with ANEK Lines in December 2023, significantly expanding its fleet and operational capacity in the Greek ferry sector. Attica Group was listed as a ransomware victim associated with the threat actor hive.

CORFERIAS is the International Business and Exhibition Center of Bogotá, Colombia, serving the Andean Region, Central America and the Caribbean. It operates as a convention and exhibition venue in west Bogotá, hosting trade fairs, business events and large public gatherings. The organization says it has more than 70 years of experience supporting industrial, social, cultural and commercial development in the region. It was listed as a ransomware victim associated with vicesociety.

ALMANIE GROUP is a Kuwait-based services company headquartered in Qibla, Kuwait City. Company profiles describe it as operating in Consumer Services and running a diversified portfolio that includes real estate, facility management, construction, retail, and related support services. Its public business descriptions also emphasize asset and portfolio management, consulting, and other commercial services. In threat-intelligence indexing, ALMANIE GROUP was listed as a ransomware victim associated with vicesociety.

Osprey Video is a United States-based company headquartered in Flower Mound, Texas, specializing in premium video-capture technology and streaming solutions for mission-critical workflows. The firm provides a wide range of offerings including video capture cards, hardware and software encoding, and live streaming services for industries such as medical, avionics, and military applications. With over twenty years of experience and more than one million capture cards sold, Osprey Video delivers reliable products for broadcast, Internet TV, and surveillance sectors. The company was listed as a ransomware victim associated with the LockBit2 threat actor.

Warren Gibson Limited is a Canadian-based, family-owned transportation company with over 80 years of industry expertise, founded in 1946 in Alliston, Ontario. The company specializes in domestic, cross-border, and time-sensitive freight services, operating across Ontario, Quebec, and 48 U.S. states. It offers truckload and LTL services with terminals in multiple locations, emphasizing safety, respect, and teamwork. Warren Gibson Limited was listed as a ransomware victim associated with the LockBit2 threat actor.

Davis Landscape appears to be a U.S.-based landscape services business operating under the Davis Landscape name, with web evidence showing commercial landscape offerings and hiring activity in the United States. Publicly available references indicate it serves customers such as contractors, developers, multi-family management companies, and HOA/POA organizations. The entity name suggests a company focused on landscaping and related outdoor maintenance work, but the available sources do not clearly identify a single official headquarters page for davislandscapel... itself. It was listed as a ransomware victim associated with lockbit2.

Elgin County is an upper-tier municipality in Southwestern Ontario, Canada, serving local residents through public-sector administration and community services. Its government functions include planning, economic development, transportation, and other municipal services for the county area. County communications and service information are published through official Elgin County channels and related municipal sites. The entity was listed as a ransomware victim associated with quantum.

Attica Holdings S.A. is a Greece-based holding company that operates international ferry services across Europe, specializing in coastal passenger shipping, travel agency, and cargo transport. The company offers shipping, leisure services, and connections between Greece and Italy in the Adriatic Sea, as well as routes linking mainland Greece with the Cycladic, Dodecanese islands, and Crete in the Aegean Sea. Through subsidiaries like Superfast Ferries, it owns and operates 37 vessels serving passengers and cargo in the Eastern Mediterranean. Attica Holdings S.A. was listed as a ransomware victim associated with the conti threat actor.

For Peru is listed in the other sector and is associated with Peru, indicating an organization or entity operating in the country rather than a specific industry vertical. The name does not by itself identify a public-facing business line, so the safest description is a Peru-linked entity in a non-specialized sector. Conti is a well-known ransomware group active against public and private organizations worldwide. For Peru was listed as a ransomware victim associated with Conti.

ADA is a Toronto-based software company that provides AI customer service technology for enterprise teams. It develops a platform designed to help organizations automate service, improve agent performance, and deliver customer experiences at scale. The company operates in the software development sector and serves businesses seeking to modernize support operations. ADA was listed as a ransomware victim associated with blackbasta.

TÜV NORD GROUP is a German services organization headquartered in Hannover, Lower Saxony, with operations focused on testing, inspection, and certification. Its services cover technical inspections of plants and systems, management-system certification, and other safety and quality solutions across sectors. The group also supports areas such as mobility, training, and IT through its broader technical-services portfolio. It was listed as a ransomware victim associated with blackbasta.

Plauen Stahl Technologie GmbH is based in Plauen, Saxony, Germany, with its registered address on Hammerstr. 88. The company specializes in the planning, fabrication, logistics, and installation of steel structures, including complex bridge and industrial steelwork. Public company records also describe its purpose as the development, project planning, production, and distribution of steel structures of all kinds. It was listed as a ransomware victim associated with blackbasta.

Oralia Medical GmbH is a medical devices manufacturer founded in 1980 in Constance, Germany. The company develops, manufactures, sells, and services medical devices from its headquarters on Schneckenburgstrasse in Constance. Public company information identifies Oralia as operating in the medical manufacturing sector rather than a consumer-facing business. It was listed as a ransomware victim associated with blackbasta.

Boswell Engineering is a New Jersey-based engineering firm headquartered in South Hackensack, with additional offices in Albany, Chester, Poughkeepsie, and Hopewell. It provides planning, design, construction oversight, and related engineering services for public and private clients, including civil, structural, environmental, municipal, transportation, and underwater work. The company describes itself as delivering engineering solutions and construction management across the northeastern United States. Boswell Engineering was listed as a ransomware victim associated with blackbasta.

LECHLER S.p.A. is an Italian manufacturer based in Como, Lombardy, with a long history dating to 1858. It produces coatings for automotive refinish, industry, yachting, wood, and interior design, serving industrial and decorative applications. The company is part of the chemicals and coatings sector. It was listed as a ransomware victim associated with blackbasta.

Laiteries Reunies Societe cooperative is a Swiss cooperative based in Plan-les-Ouates, in the canton of Geneva. It operates in the production of comestibles and, through the Laiteries Réunies Genève group, focuses on dairy products and related agri-food activities, including trade and logistics. The cooperative is headquartered at chemin des Aulx 6 and is active in Switzerland. It was listed as a ransomware victim associated with blackbasta.

IMA Schelling Group is a global engineering and manufacturing company based in Luebbecke, North Rhine-Westphalia, Germany. It develops advanced machinery and integrated production systems for the wood, metal, plastics, and board-processing industries, with U.S. support operations in Morrisville, North Carolina. The company also provides sales, parts, service, and support for its machinery line across industrial manufacturing markets. It was listed as a ransomware victim associated with blackbasta.

LACKS is an Other-sector company in the United States, but publicly available search results do not provide enough reliable detail to confirm its specific offerings. Black Basta is a ransomware-as-a-service group active since 2022 and known for double-extortion attacks against organizations in many sectors. In threat-intelligence catalogs, LACKS is listed as a ransomware victim associated with blackbasta.

Basler Versicherungen is the Swiss insurance business of the Baloise Group, based in Switzerland and focused on insurance and pension solutions. It also works alongside Baloise Bank SoBa as a combined financial services provider, offering insurance, banking, and retirement-related products. The company serves private and business customers through a broad range of financial protection and Vorsorge offerings. It was listed as a ransomware victim associated with blackbasta.

Deutsche Windtechnik is a Bremen, Germany-based company in the energy and IT-adjacent services space that provides technical maintenance for wind turbines. It delivers a single-source service package for onshore and offshore assets across Europe, the United States and Taiwan. Company materials say the group supports thousands of wind turbines worldwide and operates through an international service network. It was listed as a ransomware victim associated with blackbasta.

SSK Ingeniería y Construcción S.A.C. is a private construction company based in Lima, Peru, with its headquarters in San Isidro. Public business profiles describe it as operating in building construction, and one company profile notes work in residential building construction. Company descriptions also reference projects and services in construction and assembly for industrial sectors such as mining, metallurgy, and energy. It was listed as a ransomware victim associated with hive.

Confcommercio - Alessandria - Home is the provincial office of Confcommercio for Alessandria, Italy. It represents entrepreneurs in the commerce, tourism, and services sectors and provides association services for local businesses. The organization operates from Alessandria and publishes member and office information through its official website. It was listed as a ransomware victim associated with quantum.

Danaher is a global science and technology company headquartered in Washington, District of Columbia, in the United States. It focuses on life sciences, diagnostics, and biotechnology, and says it operates through more than 15 businesses that support human health and related scientific work. The company has a broad international footprint and serves customers across more than 50 countries. Danaher was listed as a ransomware victim associated with stormous.

Mattele appears in the entertainment and toy sector, with public company information showing Mattel, Inc. as a California-headquartered multinational toy manufacturing and entertainment company based in El Segundo, California. Its corporate footprint includes consumer brands and operations tied to toys and family entertainment, with offices and locations in the United States and abroad. This listing uses the available entity name and sector context while avoiding unsupported incident details. Mattele was listed as a ransomware victim associated with stormous.

coca-cola.co.ae is associated with Coca-Cola Middle East, the regional presence of The Coca-Cola Company in the United Arab Emirates. The Coca-Cola Company is a multinational beverage company that manufactures, sells and markets soft drinks, other non-alcoholic beverage concentrates and syrups, and alcoholic beverages. The site supports the company’s brand and product information for the market. It was listed as a ransomware victim associated with stormous.

Waiting for next leak is a listed ransomware victim in the Other sector, but no reliable public source identifies a specific organization, location, or commercial offering under that name. In threat-intelligence indexes, the label is used as an entity entry rather than a verified business profile, so sector and operational details remain unconfirmed. The listing appears in ransomware tracking data tied to KelvinSecurity, a group noted in 2024 analysis of ransomware leak-site activity. It was listed as a ransomware victim associated with kelvinsecurity.

NATION Costa Rica is an entity in Costa Rica classified in the other sector, a broad category used for organizations that do not fit a standard industry label. Costa Rica’s economy is a high-income, service-led market with significant activity in banking, telecommunications, manufacturing, and export-oriented technology firms. In that context, NATION Costa Rica is documented as part of the country’s business landscape without additional public operational details in the available record. It was listed as a ransomware victim associated with kelvinsecurity.

Elgin_Ca refers to the County of Elgin’s official geospatial data and open-data portal, which provides interactive maps, GIS layers, and related datasets for residents, planners, researchers, and municipal staff in Ontario, Canada. The county also publishes information on economic development and tourism through its official websites, reflecting a public-service and administrative focus. In threat-intelligence context, this entity is cataloged for index reference rather than as a confirmation of compromise. It was listed as a ransomware victim associated with conti.

Multimmobiliare e Partecipazioni SA is a company limited by shares headquartered in Locarno, Switzerland, operating in the real estate management sector. The firm specializes in the development, construction, and promotion of residential and commercial properties in Ticino, managing projects from design to promotion. It also functions as real estate consultants in Locarno, offering services related to property management and consultancy. The company was listed as a ransomware victim associated with the LockBit2 threat actor, with no confirmed details on stolen data or breach specifics.

huesser.ch appears to represent a Swiss business associated with the Heusser name and based in Switzerland. Available directory data points to Heusser Water Solutions AG in Cham, where the company operates in water management and industrial machinery, offering products and related solutions. Separate business profiles also identify a Carl Heusser AG in Cham, Zug as active in telecommunications, office products, and construction. The domain was listed as a ransomware victim associated with lockbit2.

emucor.es is a Spain-based domain associated with an organization in the broad other sector, with public-facing web presence indicated by its .es address. As listed here, it is treated as a corporate entity in Spain rather than a consumer brand, but no verified public description of its offerings was available in the provided sources. The entry places it in a threat-intelligence context used to track ransomware targets and incident associations. It was listed as a ransomware victim associated with lockbit2.

Cronos.com.ar is the website of Cronos S.A.I.C., an Argentina-based company in Buenos Aires that provides solutions for control de accesos, tiempo y asistencia, and sistemas de seguridad. Its site also presents software, tools, manuals, and related services for personnel control and access management. Public materials describe more than 130 years of activity in these business lines and include products for access, attendance, and meal control. The company was listed as a ransomware victim associated with lockbit2.

schriesheim.de is the official web presence of Schriesheim, a town in Baden-Württemberg, Germany, in the Rhein-Neckar-Kreis near Heidelberg and Mannheim. The municipality uses the site to provide local government information and public services for residents and visitors. As a German public-sector municipal domain, it serves administrative, civic, and community information needs. It was listed as a ransomware victim associated with lockbit2.

kdaponte.com is the website of K. DaPonte Construction Corp., a construction services company based in Fall River, Massachusetts, in the United States. The company describes itself as an SDO-certified DBE subcontractor specializing in granite and precast curb installation, concrete sidewalks, concrete finishing, and masonry stone work. Its contact pages list its office at 100 Weybosset Street and present it as a local construction contractor serving building and renovation needs. It was listed as a ransomware victim associated with lockbit2.

gp is a United States organization in the Other sector, and the name alone does not identify a specific public business profile beyond that listing context. Based on the available record, it should be treated as a corporate or institutional entity rather than a consumer brand, but no verified public description of its offerings is available here. LockBit 2.0 is a ransomware-as-a-service variant associated with double-extortion operations and broad victim targeting. gp was listed as a ransomware victim associated with lockbit2.

Co-opbank Pertama is a Malaysian cooperative bank in the finance, legal, and insurance ecosystem, headquartered in Kuala Lumpur. It provides Shariah-compliant banking and related services, including personal financing, business loans, savings products, deposit accounts, Ar-Rahnu, takaful, and wills. Established under Malaysia’s cooperative framework, it serves members through retail and financing offerings. It was listed as a ransomware victim associated with suncrypt.

VALOORES is a privately held company based in Sad El Baouchriyeh, Metn, Lebanon, specializing in Business Intelligence, AI, Machine Learning, Big Data, and Compliance solutions for enterprise innovation. The company optimizes data usage to empower decision-making, helping businesses across banking, finance, insurance, government, and retail sectors reach their targets globally. VALOORES embraces evolving Banking & Finance business models to sustain growth and tackle industry challenges through tailored consulting and enterprise management solutions. It was listed as a ransomware victim associated with the LockBit2 threat actor.

tigergroup.ae belongs to Tiger Group, a Dubai-headquartered UAE company with business lines in real estate, contracting, hospitality, industrial services, education, health clubs, landscaping, and facilities management. The company presents itself as a trusted real estate and development group serving the UAE market from Dubai. In threat-intelligence indexing, tigergroup.ae is cataloged as a services-sector entity in AE. It was listed as a ransomware victim associated with lockbit2.

Greenex is an international plant broker and distributor headquartered in Denmark, with offices in the United States and Canada. The company began operations in 1998 and supplies seeds, cuttings, young plants, liners, and pre-finished plants to commercial growers worldwide. Public company profiles describe it as serving professional horticulture and arranging logistics for plant materials across markets. Greenex was listed as a ransomware victim associated with lockbit2.

ccfsinc.com is associated with Colusa County Farm Supply, a California business based in Williams, serving farmers and ranchers in Colusa, Glenn, Sutter, and Yolo counties. Public business listings describe it as a grower-owned agribusiness in the farming services sector, with a site at CCFSINC.com and contact details tied to Williams, California. Its profile indicates a local agricultural supply operation rather than a national enterprise. It was listed as a ransomware victim associated with lockbit2.

Tiger Capital Group is a services company that provides asset valuation, advisory, capital solutions, restructuring, disposition, auction, and monetization services. Public company materials describe its work across financial, retail, wholesale, industrial, oil and gas, and energy sectors, reflecting a broad asset-management and transaction-services focus. The firm’s website presents Tiger Capital Group as a provider of financial and asset solutions in the United States. It was listed as a ransomware victim associated with lockbit2.

Valore is a Boston-based education company focused on textbook solutions for students and the higher education market. It provides a platform for buying, renting, and selling college textbooks, serving the needs of college students. Public company profiles place it in the education sector and identify its headquarters in Boston, Massachusetts. The entity was listed as a ransomware victim associated with lockbit2.

JASEC is the Junta Administrativa del Servicio Eléctrico Municipal de Cartago, a public utility in Cartago, Costa Rica. It operates in the electric power and infrastructure sector and serves municipal electricity-related services. Public company and project profiles describe JASEC as a Costa Rican utility focused on electricity operations and customer service. In threat-intelligence records, Jasec was listed as a ransomware victim associated with Conti.

Mossbourne Federation is a UK multi-academy trust and education charity based in London, with schools across Hackney, Thurrock and the wider South East. It runs primary, secondary and sixth-form academies and says it focuses on high expectations, pupil support and co-curricular opportunities. The federation also advances education through bursaries and wider support for pupils and former pupils. It was listed as a ransomware victim associated with vicesociety.

Centre Hospitalier de Castelluccio is a public hospital located in Castelluccio, near Ajaccio, France, specializing in adult and infanto-juvenile psychiatry, mental health care, and day hospital services across Corsue-du-Sud. The institution offers inpatient psychiatric units, outpatient consultations, and 6 CATTP centers for mental health support, serving patients aged 16 to 75 and older. It operates as a departmental public health establishment with additional psychiatric units in Porto-Vecchio and Bonifacio. Centre Hospitalier de Castelluccio was listed as a ransomware victim associated with the threat actor Vicesociety.

Stratford University was a private, for-profit higher-education institution based in Virginia, with campuses in Falls Church, Newport News, Virginia Beach, and Woodbridge, and a campus in New Delhi, India. It offered academic programs and career-focused training across fields such as culinary arts, hospitality, health care, business, and technology. The institution served students through classroom-based and other program formats. Stratford University was listed as a ransomware victim associated with revil.

ProPhoenix is a Moorestown, New Jersey-based public safety software company that develops fully integrated, browser-based products for 911 dispatch centers, police, fire, and corrections agencies. Its offerings include CAD, mobile, and RMS tools for public safety workflows. The company presents itself as focused on delivering secure software and timely information for agencies. It was listed as a ransomware victim associated with Cuba.

Metro Brokers is a Georgia real estate brokerage headquartered in the Atlanta area and serving metro Atlanta and North Georgia. It presents itself as a full-service real estate company with multiple offices and broad agent support across the region. Its offerings include residential real estate services and related brokerage support under the Better Homes and Gardens Real Estate Metro Brokers brand. It was listed as a ransomware victim associated with Cuba.

Simplilearn.net is the website of Simplilearn, a U.S.-based digital skills training company founded in 2010. It offers online bootcamps, certification programs, PGPs, master’s programs, and live training for learners and working professionals. The company describes itself as a global leader in digital skills education serving a worldwide audience. The site was listed as a ransomware victim associated with lockbit2.

PT Pertamina Gas is an Indonesian energy company operating in the midstream sector of the gas industry, with its primary location in Jakarta, Indonesia. The company focuses on gas marketing and midstream operations within Indonesia's gas infrastructure. It serves as a subsidiary of PT Pertamina (Persero), contributing to the nation's downstream and midstream gas activities. PT Pertamina Gas was listed as a ransomware victim associated with kelvinsecurity.

fazenda.rj.gov.br is the official website of the Secretaria de Estado de Fazenda do Rio de Janeiro, the state finance department for Rio de Janeiro, Brazil. Its public portal provides tax, payment, service, and administrative information, along with digital and in-person support channels for taxpayers and other users. The site is part of the state government’s finance and revenue operations in Rio de Janeiro. It was listed as a ransomware victim associated with lockbit2.