Ransomware victim disclosure
← All victimsMakro Thailand (Siam Makro PCL)
listed as Makro · Claimed by Ransomhouse · listed 8 months ago
Status timeline
- ListedNov 20, 2025
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Netherlands
- Sector
- Consumer Services
- Listed on leak site
- Nov 20, 2025
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileSiam Makro PCL (Makro) is a Thai wholesale cash-and-carry operator headquartered in Bangkok, Thailand, operating under the brand www.makro.co.th. The company sells food, non-food, and foodservice products in bulk to business customers including restaurants, hotels, and small retailers across Thailand and Southeast Asia. It is a subsidiary of CP ALL PCL and operates one of the largest wholesale distribution networks in Thailand.
- Industry
- Wholesale Cash & Carry Retail
- Address
- 1468 Phatthanakan Road, Suan Luang, Bangkok 10250, Thailand
- Employees
- 10000
- Founded
- 1988
Attack summary
Severity: high — 743 GB of data has been published by the group from a large-scale wholesale retailer, indicating significant confirmed exfiltration of substantial business data at scale, likely including customer, supplier, and financial records.RansomHouse claims to have exfiltrated approximately 743 GB of data from the victim's systems; the post is marked as data_published indicating the data has been or is being released. No separate encryption claim is explicitly stated in the visible excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Internal database files
- Business records
- Operational data
What the group claims
Makro is a wholesale center specializing in consumer goods and food products. It provides a wide range of products for its members and business operators across the country. The company offers comprehensive services for food businesses aimed at professional operators. Its target clients include both individual members and various business enterprises
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

