惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
Recorded Future
Recorded Future
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Y
Y Combinator Blog
N
News | PayPal Newsroom
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
博客园 - Franky
SecWiki News
SecWiki News
Recent Announcements
Recent Announcements
T
Troy Hunt's Blog
The Register - Security
The Register - Security
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
S
Security Affairs
博客园 - 司徒正美
S
Schneier on Security
I
InfoQ
博客园_首页
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Forbes - Security
Forbes - Security
腾讯CDC
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
A
About on SuperTechFans
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
V
Vulnerabilities – Threatpost
C
Check Point Blog
Google DeepMind News
Google DeepMind News
Google Online Security Blog
Google Online Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
Schneier on Security
Schneier on Security
O
OpenAI News
K
Kaspersky official blog

RansomLook – Last entries

Syndicate · RansomLook D1r · RansomLook Crpx0 · RansomLook Dataleak · RansomLook Arcus Media · RansomLook Doommageddon · RansomLook Redact · RansomLook Settra · RansomLook Wallstreet · RansomLook Cloak · RansomLook Deadlock · RansomLook 3am · RansomLook Direwolf · RansomLook Inc Ransom · RansomLook Qilin · RansomLook Bavacai · RansomLook Killsec3 · RansomLook Black X · RansomLook Coinbase Cartel · RansomLook Audit Team · RansomLook Abyss-Data · RansomLook Play · RansomLook Ailock · RansomLook Bravox · RansomLook Gunra · RansomLook Genesis · RansomLook Pear · RansomLook Termite · RansomLook Everest · RansomLook Worldleaks · RansomLook Payoutsking · RansomLook Nightspire · RansomLook Triple X · RansomLook Spy Corporate · RansomLook Nova · RansomLook Titan · RansomLook Stormous · RansomLook Nitrogen · RansomLook Money Message · RansomLook Akira · RansomLook Sinobi · RansomLook Icarus · RansomLook Ms13-089 · RansomLook Space Bears · RansomLook Cmd Organization · RansomLook Radar · RansomLook Secp0 · RansomLook Fulcrumsec · RansomLook Mnt6 · RansomLook Clop · RansomLook Rhysida · RansomLook Tridentlocker · RansomLook Brain Cipher · RansomLook M3rx · RansomLook Lockbit5 · RansomLook Securotrop · RansomLook Leak Bazaar · RansomLook Morpheus · RansomLook Embargo · RansomLook kairos details Leakeddata · RansomLook Safepay · RansomLook Prinz Eugen · RansomLook Crypto24 · RansomLook Ransomexx · RansomLook Payload · RansomLook Leaknet · RansomLook Vect · RansomLook Interlock · RansomLook Nasir Security · RansomLook Black Nevas · RansomLook Chaos · RansomLook Medusa · RansomLook Ransomhouse · RansomLook Dragonforce · RansomLook Krybit · RansomLook Lamashtu · RansomLook medical-park By blackwater Exitium · RansomLook Shinyhunters · RansomLook shadowbyt3$ details The Gentlemen · RansomLook Insomnia · RansomLook Eraleign (Apt73) · RansomLook anubis details Lynx · RansomLook beast details timc details
Aurora · RansomLook
2026-04-30 · via RansomLook – Last entries

aurora logo

2/2 up parser

7posts (all time)

7last 30 days

7last 7 days

100% avg uptime 30d

Activity · last 30 days last post

aurora logo

Parsing: enabled

View crypto

Ransom notes1
Chat servers1
Url
Status
Screen
Uptime 30d
Health
http://ijexszhscln27nl263lmcd7tx3jttkhm4wjhd4e3y6r4csdbfyeprvid.onion/ Up Screen
100%
Activity (interactive) 7

Activity charts

Posts7
Date Title Description Screen
Costa Solutions, LLC Costa Solutions, LLC — a privately held managed-labor and warehousing company headquartered in San Antonio, Texas, with ~$140M annual revenue and 200–1,000 employees. The file server contained the complete operational, financial, legal, and human resources infrastructure of the company: 3,000–8,000+ individuals' personal data — current employees, former employees (12 years of records), independent contractors, employee dependents, and job applicants. SSNs on W-2s, W-4s, 1099s, I-9s, background checks. Bank account and routing numbers on 200+ direct deposit forms. Medical and injury records — 150+ employee injury/medical files from 2013–2026, FMLA medical certifications, drug test results (random, reasonable suspicion, post-incident, promotional), and workers' compensation claims for 23+ named individuals. CEO's entire file system — Josh Wean's Documents folder (5.3 GB) including P&L statements, a 17-subfolder "Confidential" directory, legal correspondence, strategic plans, a C-12 peer advisory group archive, and a $RECYCLE.BIN with 60+ deleted items. Client contracts and competitive intelligence — pricing, SLAs, and contract terms for HEB, CVS, Sysco, Amazon, McLane, Labatt, Valvoline. Competitor pricing intelligence. RFP bid documents with cost models. Active legal case files — litigation records (2021–2022), HR internal investigation notes (2018–2021), arbitration files, active investigations marked "DO NOT DELETE" — all subject to attorney-client privilege. Infrastructure secrets — an HEB production server TLS certificate, a Cisco AnyConnect VPN installer, and the CEO's Remote Desktop connection file. Corporate financials — multi-year budgets, valuation & sale documents (indicating possible M&A activity), PPP loan forgiveness records, Form 5500 ERISA filings, and annual reporting.
Bayou Title, Inc. Bayou Title, Inc. — the largest title insurance agent and closing/settlement services provider in Louisiana, with 19 full-service locations statewide. The exfiltrated data spans 20+ years of operations (2004–2026) and includes: 70,000–100,000+ Social Security numbers paired with names, addresses, and sale proceeds from 1099-S real-estate closing worksheets covering all 19 offices across three tax years (2018–2020), plus W-2 and 1099-MISC filings. Complete employee payroll databases — 10+ instances of Sage 50 EMPLOYEE.DAT files containing SSNs, bank account numbers, routing numbers, pay rates, tax withholding, and direct deposit details for current and former employees. 103 GB of title abstracts — ~34,000+ PDFs documenting ownership chains, liens, and mortgages for properties across Louisiana. 44 GB of GreenFolders DMS transaction packages (2012, 2013, 2019) — complete closing file archives containing HUD-1 settlement statements, identity verification documents, SSN cards, and tax records. Filenames contain encoded tags (ssn, hud, soc, tax). Plaintext credentials for government portals — a file literally named Lafayette Assessors lcmenard Password4321.url, plus a PDF containing Orleans Parish system login credentials. Attorney-client privileged documents — wills, attorney engagement letters, and legal opinions prepared by licensed Louisiana attorneys.
Advanta Genetics LLC Advanta Genetics LLC — a respected CLIA/CAP-accredited clinical toxicology and molecular diagnostics laborator. The exposed material includes: Tens of thousands of real patient lives — including highly sensitive chronic opioid therapy charts flagged by the Texas Medical Board and elderly Medicare audit records. Provider identities and prescribing power — SSNs, DEA numbers, and state licenses from 20+ states that can be turned into black-market "script pads". Gold-standard identity theft kits — W-2s, I-9s with passport scans, and full employee packages for 50+ staff. 102 complete QuickBooks company files exposing every vendor, payroll run, bank link, and financial secret across the Advanta/RedLeaf/OSPRI empire. High-value trade secrets — OSPRI Biopath investment decks, valuation models, FDA pre-submission packets, and the proprietary "The Brain" AI diagnostic architecture. Explosive privileged attorney-client memos on active regulatory battles (Texas Medical Board Remedial Plan #19-153 and a federal NORA subpoena). Active Directory domain controller data (NTDS.dit and SAM hives).
Baresque Group Baresque Group — a respected commercial-interiors company headquartered in Perth, Australia, with offices in Dallas, Chicago, and Brussels. The exposed material includes: 100+ passport scans, 35 birth certificates, 60+ driver's licences, 50+ TFN declarations — the complete identity-theft toolkit for the entire workforce, spanning Australia, the US, and Europe. Plaintext credentials for every critical system — Microsoft 365, HR platform (Elmo Talent), remote-access gateway (LogMeIn), phone system (3CX), ERP (Jim2) — all in browser-export CSVs and an enterprise-wide Password_Listing.xls that had been sitting on a shared drive since at least 2017. 4 TLS private keys for customer-facing domains — enabling impersonation of the company's websites. 343 GB of product R&D — SolidWorks CAD files, manufacturing specifications, and product blueprints for Zintra acoustic panels, FUNC furniture, botton+gardiner wallcoverings, and Scribblr surfaces. The complete design library. Two years of board packs, financial reports, and cash-flow models — the company's entire strategic and financial position laid bare. Privileged legal documents — active subpoena files, sworn affidavit exhibits, Fair Work Australia tribunal filings, and settlement agreements with confidentiality clauses. Workers compensation medical records naming specific employees with diagnoses, treatment plans, and claim amounts.
Cheval Blanc Randheli Guest Passport Scans — 75,855 Files, 10 Years The single largest data category: 75,855 passport scan images spanning January 2015 through October 2024, organised in daily folders within monthly and yearly directories. These represent an estimated 20,000–30,000 unique guests. Each scan contains the full passport bio page: photo, full name, date of birth, nationality, passport number, machine-readable zone (MRZ), and signature. Among the exposed passports: Qatar Royal Family members — 9 passport scans including Muhammad Mesned S M Al-Misned, Abdulla, Khalifa, Lolwa, Nasser, Alanoud, Bessy, and Mesned UAE VIP and government officials — including H.E. Ahmed Saif Ali Aldhabea Aldarmaki, H.E. Matar Suhail Ali Alyabhouni Aldhaheri, and members of an April 2024 private buyout group who arrived on private jets (tail numbers A6AUH, A6DAH) LVMH head-office executives — 7 passport/profile photos including named senior staff from Paris Guest PMS Data — 30,000–50,000 Profiles Opera PMS exports containing full names, home addresses (street-level), nationalities, VIP classification levels (A/B/C/G), partial credit card data (last-4 digits + expiry + card type), deposit amounts, booking confirmation numbers, stay histories, travel agent details, flight numbers, and guest preferences. Employee Records — 1,000–2,000 Individuals Ten years of salary records (2017–2026), medical insurance claims organised by department, ~200 ECARD ID photos, vacation/leave records, Key Management Personnel (KMP) compensation details, and biometric enrollment data from the Gladis facility-access system. Credentials and Infrastructure BitLocker recovery key — full disk-encryption key for the Windows server volume Passwords.docx — plaintext system password store covering revenue, PMS, and operational systems Extranet passwords — booking-portal and vendor credentials 3CX VoIP backup — SIP credentials, extension configurations, call routing rules Biometric templates (Gladis enrollment) — non-rotateable fingerprint/facial data Corporate-Sensitive Documents Management Contract of Cheval Blanc Randheli — the LVMH–property owner agreement containing fee structures, performance benchmarks, and brand license terms Board investment recommendation for Velidhoo — a potential new property with capital allocation and return projections 10 years of budgets and revenue forecasts Audited subsidiary financial statements (I&T / Sitax entities) White Book — the property's operational standards manual (proprietary LVMH brand IP) Building Management System data — HVAC, power, desalination, and lighting control files for island infrastructure
Law Offices of Michael A. Freedman, P.A. (maflaw.com) Law Offices of Michael A. Freedman, P.A. (maflaw.com). The exfiltrated corpus is 579 GB used / 143 GB at root level / 196,701 files / 19,231 directories, dated as recently as a year-2026-in-progress client matter. What this means for a plaintiffs' PI firm of ~25 staff: 656 client-matter folders organised across eight yearly parents from June 2019 through 2026-in-progress. Per-client medical records, HIPAA authorisations, police reports, settlement releases, IOLTA distribution sheets, retainer agreements, and treating-provider correspondence. Two staff Outlook archives at 2.1 GB each, plus a 505 MB Outlook backup, plus 27 enumerated .pst files — years of attorney–client privileged correspondence, settlement strategy, opposing-counsel comms. The complete Sage ACT. Pro v18 contact universe — the live database plus eight historical ZIP backups going back to 2013 plus a 9.3 MB plaintext export (ACT!-Contacts.txt) that any text editor can open. Estimated 5,000–12,000 contacts. The firm's master credential vault in a Word document called Woodywoody78!.docx (the filename is itself the vault password). Plaintext credentials for M&T Bank multi-identity business + commercial accounts (with electronic-payment-approval authority), Bank of America, Paychex, QuickBooks, and the firm's federal EIN. Plus the senior partner's phone-unlock PIN. A staff browser-exported password CSV (32 plaintext credentials) including the M365 tenant, the Slack tenant, hospital portals (MedStar, GBMC, Allstate secure mail), MoveDocs, ChartRequest, MSHC Legal portal — plus residual credentials from prior employers SLF Law and Bailey Law, creating cross-firm contamination liability. The Universal Licensing / Freedman Consulting invention-promotion operation — a second line of business under the same EIN, with hundreds of inventor folders. Per-inventor unpublished invention disclosures, “Internet Presentation of Invention” decks, NDAs, Exclusive Patent License Agreement drafts, patent-art renderings, and per-managed-mailbox client-company passwords. A criminal-defense sub-practice (“SLF criminal” out of Janice's working folder) with retainer agreements and per-client court documents, carrying 6th-Amendment-attorney–client uplift on the privileged-track scoring. An Axon evidence.com MPIA-released body-worn-camera package (449 MB total; a 448 MB clip from the 2020-12-20 Park Baltimore incident).
Atlas Metal Industries Inc Atlas Metal Industries Inc. — a privately held commercial-foodservice-equipment manufacturer headquartered in Miami, Florida. The dataset is a complete Microsoft Dynamics GP environment: production databases, payroll records, system credentials, Autodesk Vault product-design backups, CNC fabrication programs, and all supporting infrastructure configuration. The exfiltration occurred on or about April 8, 2026; the attack was identified April 22, 2026. The exposed material includes: 15.8 GB of payroll-records database (PYREC) — full Employee Master with SSNs, DOBs, addresses, direct-deposit bank routing numbers, salary, W-4 tax data, garnishments, and check history dating to at least 2018. 30+ SQL Server login accounts with password hashes in a sp_help_revlogin dump — named employees, system admins (DYNSA, sa), service accounts, and Active Directory domain accounts. 74 GB of Autodesk Vault Professional backup — complete product-design history from 2019 through 2026, covering every product line Atlas Metal manufactures. Hundreds of CNC fabrication programs — laser-cutter and Amada punch-press G-code for the full catalogue of sheet-metal components. A base64-encoded SQL credential for the TimeClock Plus timekeeping system, stored in plaintext XML. 8 SQL Server databases with full backup chains — ATLAS (primary), PYREC (payroll), DYNAMICS (system), TEST (18 GB dev clone), TWO, AMIT, plus system databases (master, msdb, DynamicsGPSecurity).