Ransomware victim disclosure
← All victimsAB Hedbergs Mekaniska Verkstad
listed as Hedbergs · Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedMay 22, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Sweden
- Sector
- Business Services
- Listed on leak site
- May 22, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileAB Hedbergs Mekaniska Verkstad is a Swedish manufacturing company based in Habo, near Jönköping. They operate as a complete system supplier offering product development, production, procurement, assembly, warehousing, and logistics services. The company has invested in modern panel-bending machinery (Prima Power EBe 2720) and emphasizes quality control throughout the manufacturing chain.
- Industry
- Contract Manufacturing & Metal Fabrication
- Address
- Snickaregatan 5, 566 33 Habo, Sweden
Attack summary
Severity: medium — Large data volume (743 GB) exfiltrated from a manufacturing company, but no specific proof files advertised and no indication of regulated data (PII at scale, medical, financial) in the available excerpt. Encryption confirmed but disclosure appears generic within a bulk listing.Ransomhouse claims to have encrypted Hedbergs' systems. The leak post indicates 743 GB of data was exfiltrated, though the post itself appears to be a bulk listing of multiple victim companies rather than a detailed disclosure specific to Hedbergs.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Customer data
- Operational files
- Production systems
What the group claims
We are strongly influenced by a history of technology ambitions and a fearless mindset. For seven decades we have paved the way for technological development and shouldered great challenges. We hold a strong legacy that has shaped us to a reliable partner who knows the importance to work in a close collaboration. Therefor we can be sure to always exceed your expectations.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

