New 'Donut Leaks' extortion gang linked to recent ransomware attacks


Level 76
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.

Two victims disclosed these attacks without much information regarding who was involved.

Over the weekend, DESFA confirmed they suffered a cyberattack after Ragnar Locker leaked screenshots of allegedly stolen data.

Earlier this month, Sheppard Robson disclosed a ransomware attack and an extortion attempt but did not provide details about who hacked its network.

Finally, Hive Ransomware claimed last month to have attacked Sando but only released a small archive of files as 'proof' of the attack.

Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang known as Donut Leaks. Furthermore, the data shared on the Donut Leaks site is far more extensive than that shared on the ransomware sites, indicating that this new threat actor was involved in the attacks.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.