Ransomware victim disclosure
← All victimsManuaço, S.A.
listed as manuaco.pt · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Portugal
- Sector
- Manufacturing
- Listed on leak site
- Dec 26, 2025
About the victim
AI dossier — public-source company profileManuaço, S.A. is a Portuguese company founded in 2006 specialising in metal structures engineering, fabrication and installation, including façades, roofing, civil locksmithing, decorative systems, corporate signage, urban furniture, and general contracting. The company also manufactures self-service car-wash structures ('Jet-Wash') and develops industrial equipment incorporating electromechanics, automation, and hydraulics. It holds a Class 5 construction licence and has carried out projects for clients including McDonald's Spain.
- Industry
- Metal Structures Fabrication & Architectural Metalwork
- Address
- Portugal
- Founded
- 2006
Attack summary
Severity: high — Data has been published (confirmed exfiltration and release) by LockBit, a prolific ransomware group. While no regulated personal data at scale is explicitly confirmed, the publication of business data including likely client, financial, and project records constitutes significant confirmed exfiltration warranting a high severity rating.LockBit claims to have attacked Manuaço, S.A. and the disclosure status is marked as data_published, indicating that exfiltrated data has been released or made available on the group's leak site. No specific ransom amount or data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Company operational data
- Client and partner records
- Project documentation
- Corporate financial records
- Employee information
What the group claims
A empresa MANUAÇO iniciou a sua atividade em 2006 tendo como único sócio administrador José Fernando...
Sources
- Victim sitemanuaco.pt
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

