Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo Grupo NGN

Group: Alphv

Discovered by ransomware.live: 2023-07-26

Estimated attack date: 2022-12-01

Description:

Grupo NGN has refused to protect their customers' data and access to their networks. This link (TOR) contains Grupo NGN's random files: http://qojfcbvlumvzmiu4tyixawquk6bjiwv74aeaubxwtq7rmw4qq7sv2jad.onion/GRUPGN/ Auction ends Dec. 8 for all sensetive data of Grupo NGN and their customers, including - Access to multiple networks of Grupo NGN clients (with their networks secured, password changes will not help defend against an attack) - NDA documents and records of Grupo NGN customers' conversations - Personal data about employees and customers of Grupo NGN - Financial information of Grupo NGN and their clients that can be used for criminal purposes To participate in an auction to purchase Grupo NGN and their customer data, you can email: grupongndatasale@proton.me GRUPONGN.COM HACKED. MORE THAN 200GB OF SENSITIVE DATA STOLEN.


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse ionos.com
  • dataprivacyprotected ionos.de
MX Records
  • grupongn.in.tmes.trendmicro.com.
  • grupongn-com.mail.protection.outlook.com.
TXT Records
  • site24x7-signals-domain-verification=dcb2bbe383244f773a1b196133ecc4a5
  • MS=ms79953845
  • google-site-verification=nqARhc2cpGDO5iZGfYkFIu6WYEHhVOlUluaP8McgxBA
  • v=spf1 include:transmail.net include:spf.protection.outlook.com include:mail.zohoanalytics.com include:zcsend.net include:zeptomail.net include:spf.tmes.trendmicro.com include:spf-us.emailsignatures365.com include:ngncontactcenter.onmicrosoft.com include:" "50246737.spf08.hubspotemail.net include:mailgun.org ip4:162.252.248.0/22 ~all
  • facebook-domain-verification=3ysldmhoh8ixildbqjm4fnzoi4q9c5
  • hes=b60467ef1949b47f3eded4095ec9bf91
Cloud / SaaS Services Detected
HubSpot Microsoft 365 Mailgun

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.