Ransomware victim disclosure

Landkreis Limburg-Weilburg

listed as Kreisvolkshochschule Limburg-Weilburg e.V. · Claimed by Abyss · listed 20 hours ago

132GB uncompressed

Data size

$50

Ransom

demanded

Today

Age

since listed · listed for ransom

Status timeline

Listed
Jun 3, 2026

Current state: Listed for ransom

At a glance

Group: Abyss
Status: Listed for ransom
Country: DE
Sector: Government
Listed on leak site: Jun 3, 2026
Data size: 132GB uncompressed
Ransom demanded: $50

About the victim

AI dossier — public-source company profile

Landkreis Limburg-Weilburg is the district administration of Limburg-Weilburg County in Hesse, Germany. With approximately 950 employees, it provides a wide range of public services to district residents including education, social services, health coordination, traffic/transport regulation, waste management, and general administrative functions.

Industry: Local Government Administration
Address: Limburg-Weilburg County, Hesse, Germany
Employees: 950

Attack summary

Severity: critical — Local government administration holds regulated PII at scale (resident data, welfare records, employment records) and sensitive administrative/financial data. Exfiltration of 132 GB from a district serving thousands of residents represents exposure of sensitive personal and government data. Government sector is critical infrastructure.

The Abyss group claims to have exfiltrated 132 GB of uncompressed data from the district administration. The group states that passwords and data will be published later, indicating both encryption and data theft.

critical

Data the group says was taken

AI dossier — extracted from the leak post

Administrative records
Personnel files
Resident data
Government communications
Financial records
Education administration data

What the group claims

The district administration of Limburg-Weilburg County in the state of Hesse, Germany. The organization performs local government functions and is responsible for a wide range of public services for the district's residents.

The leak post

captured from the group's site

```
let data = [
{
        'title' : 'School Facility Consultants',
        'short' : 's-f-c.org 1.3Tb uncompressed data',
        'full' : 'School Facility Consultants <br>' +
                 'School Facility Consultants (SFC) is a full-service company that provides expert guidance in school facility planning and funding for School Districts, County Offices of Education, and Charter Schools across California.<br>'+
            'password and data will be published later <br>'+
            'Link â„–1 Filelist',
        'links' : [

        ]
},
{
        'title' : 'landkreis-limburg-weilburg.de',
        'short' : 'landkreis-limburg-weilburg.de 132Gb uncompressed data',
        'full' : 'Kreisvolkshochschule Limburg-Weilburg e.V. <br>' +
                 'The district administration of Limburg-Weilburg County in the state of Hesse, Germany. The organization performs local government functions and is responsible for a wide range of public services for the district\'s residents.<br>'+
            'password and data will be published later <br>'+
            'Link â„–1 Filelist',
        'links' : [

        ]
},
{
        'title' : 'technic.com',
        'short' : 'technic.com ',
   …

Screenshot of the leak post

Leak screenshot for Kreisvolkshochschule Limburg-Weilburg e.V.

Sources

Victim sitelandkreis-limburg-weilburg.de
Leak posthttp://3ev4metjirohtdpshsqlkrqcmxq6zu3d7obrdhglpy5jpbr7whmlfgqd.onion/static/data.js

Source

Indexed 20 hours ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About Abyss

Abyss is a relatively new ransomware group that emerged in March 2023, operating with primarily financial motivations and targeting organizations across multiple sectors with a focus on English-speaking countries. The group's origin and affiliations remain largely undocumented by major security agencies, though their targeting patterns suggest they operate independently rather than as a Ransomware-as-a-Service model. Their attack methodology and specific tools have not been extensively documented by major threat intelligence firms, though their victim profile of 87 organizations indicates they employ effective initial access techniques to compromise business services, technology, healthcare, and agriculture sectors. The group demonstrates a clear geographic preference for targets in the United States, United Kingdom, Canada, Switzerland, and Hong Kong, suggesting either language preferences or specific regional access capabilities. Due to the group's recent emergence and relatively limited public documentation from established security researchers, detailed information about notable campaigns, encryption methods, or law enforcement actions remains scarce. Abyss appears to remain active as of current reporting, though the lack of extensive public analysis by major threat intelligence organizations suggests they may operate at a smaller scale compared to more prominent ransomware families. The group has been linked to 102 public disclosures across our corpus. First observed on a leak site on March 21, 2023; most recent post June 3, 2026. The operation is currently active.

Timeline of this disclosure

June 3, 2026Kreisvolkshochschule Limburg-Weilburg e.V. listed by Abysson the group's public leak site

Data size: 132GB uncompressed
Ransom demanded: $50

Other recent disclosures by Abyss

Abyss has been linked to 102 public victims on Darkfield. A sample of the most recent: