Ransomware victim disclosure
← All victimsFerretería EPA
Claimed by Royal · listed 3 years ago
Status timeline
- ListedMar 10, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- Venezuela
- Sector
- Retail & Consumer
- Listed on leak site
- Mar 10, 2023
- Ransom demanded
- $500M
About the victim
AI dossier — public-source company profileFerretería EPA is a large retail chain specializing in hardware and home improvement products, headquartered in Valencia, Carabobo, Venezuela. The company operates across multiple Latin American countries including Venezuela, Costa Rica, Guatemala, and El Salvador. It employs between 2,001 and 5,000 people and is estimated to generate $500M–$1B in annual revenue.
- Industry
- Hardware & Home Improvement Retail
- Address
- Valencia, Carabobo, Venezuela
- Employees
- 2001-5000
Attack summary
Severity: high — Data has been published by the group (data_published status) from a large multi-country retailer with 2,001–5,000 employees, indicating confirmed exfiltration of significant business data at scale, likely including employee PII and financial records.The Royal ransomware group claims to have compromised Ferretería EPA and published data, with a ransom demand of $500M stated in the leak post. The disclosure status is marked as data_published, indicating exfiltration and/or publication of company data.
Data the group says was taken
AI dossier — extracted from the leak post- Company financial records
- Employee data
- Operational business data
What the group claims
Ferretería EPA is a company that operates in the Environmental Services industry. It employs 2,001-5,000 people and has $500M-$1B of revenue. The company is headquartered in Valencia, Carabobo, Venezuela.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

