Ransomware victim disclosure
← All victimsKeystone Engineering
Claimed by Spacebears · listed 2 years ago
Status timeline
- ListedAug 2, 2024
- Data leakeddate unknown
At a glance
- Group
- Spacebears
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Aug 2, 2024
About the victim
AI dossier — public-source company profileKeystone Engineering Company is a family-owned manufacturer specializing in composite materials and oilfield equipment, with over 65 years of experience. They produce formation measurement instrument assemblies for wireline, MWD, and LWD applications, as well as high-temperature composite bridge plugs rated to 400°F.
- Industry
- Oilfield Equipment Manufacturing & Composite Fabrication
- Founded
- 1950
Attack summary
Severity: high — Confirmed exfiltration of sensitive business data (financial records, technical drawings) combined with employee PII exposure. Manufacturing/design data for oilfield equipment could have operational or competitive impact.Spacebears claims to have exfiltrated technical drawings, financial documents, employee personal information, and QuickBooks backup files from Keystone Engineering.
Data the group says was taken
AI dossier — extracted from the leak post- technical drawings
- financial documents
- employee personal information
- QuickBooks backups
What the group claims
Keystone is a family business with over 65 years of proven manufacturing and composite material fabrication experience in the oilfield industry.Since 1950 Keystone Engineering Company has maintained a proven reputation for reliable products in the oilfield industry. Product experience includes the manufacture and production of formation measurement instrument assemblies for wireline, MWD, and LWD; and the manufacture and production of high-temperature, 400° F (204° C), composite bridge plugs. -drawings-financial documents-personal information of employees-quickbook backups http://keystoneeng.com
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

