Ransomware victim disclosure
← All victimsD-klima
listed as d-klima.cz · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Czech Republic
- Listed on leak site
- Dec 26, 2025
About the victim
AI dossier — public-source company profileD-klima is a Czech family-owned company founded in 1991 that manufactures HVAC (heating, ventilation, and air-conditioning) components, including ducting, fittings, silencers, fans, and distribution elements. The company supplies products globally and offers wholesale pricing to installation firms. It emphasises quality materials, precision machinery, and rapid prototyping using 3D software.
- Industry
- HVAC Components Manufacturing
- Founded
- 1991
Attack summary
Severity: high — Data has been confirmed as published by LockBit, indicating successful exfiltration. While the sector is not critical infrastructure and no regulated personal data at scale is explicitly confirmed, a data_published status from a prolific ransomware group represents significant confirmed data exposure warranting a high severity rating.LockBit claims an attack on D-klima and has published data (disclosed status: data_published), indicating exfiltration of company data, though the specific volume and nature of the exfiltrated data are not detailed in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Company business data
- Customer records
- Operational/internal documents
What the group claims
D-klima is a company dealing in heating, ventilation and air-conditioning (HVAC) solutions, with a t...
Sources
- Victim sited-klima.cz
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

