Ransomware victim disclosure
← All victimsAeroWorx
Claimed by Frag · listed 1 year ago
Status timeline
- ListedMar 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Frag
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Mar 24, 2025
About the victim
AI dossier — public-source company profileAeroWorx is an FAA-certified repair station specializing in the repair and overhaul of pneumatic, hydraulic, electromechanical, and fuel systems and components for aviation and aerospace applications.
- Industry
- Aviation & Aerospace Component Repair & Overhaul
Attack summary
Severity: critical — Confirmed exfiltration of PII at scale (employee passports and personal documents) combined with sensitive business data (financial statements, NDAs, internal agreements). FAA repair station status adds regulatory sensitivity for aerospace/defense supply chain.The frag group claims to have exfiltrated corporate internal documents, financial statements, non-disclosure agreements, and employee personal documents including passports from AeroWorx.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate internal documents
- Internal agreements
- Financial statements
- Non-disclosure agreements
- Employee passports
- Personal identification documents
What the group claims
Aviation and Aerospace Component Manufacturing AeroWorx has quickly grown to become a leading FAA repair station dedicated to the repair and overhaul of pneumatic, hydraulic, electromechanical and fuel systems & components. Our team was successful in extracting the following documents: Corporate internal documents and agreements Financial statements of the company The icing on the cake: Non-disclosure agreements Employee passports and other personal documents
Sources
- Victim siteaero-worx.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

