Ransomware victim disclosure
← All victimsJangho Group (江河创建集团股份有限公司)
listed as Jangho Group · Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedAug 19, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- China
- Sector
- Business Services
- Listed on leak site
- Aug 19, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileJangho Group (江河创建集团股份有限公司) is a Chinese conglomerate engaged in architectural decoration, curtain wall systems, and related construction services. The group operates multiple subsidiaries including Jangho Curtain Wall, Chengda Group, and Gangyuan Decoration, with international projects in Indonesia and across Asia. The company also has healthcare divisions (Vision Eye Care clinics) and renewable energy interests (solar photovoltaic operations).
- Industry
- Construction & Building Materials; Architecture & Decoration
Attack summary
Severity: high — 743 GB of exfiltrated data from a large multinational conglomerate with significant operational footprint across construction, healthcare, and energy sectors. Scale and confirmed exfiltration of business data warrants high severity, though lack of specific sensitive data categories (PII at scale, financial records, medical data) prevents critical classification.Ransomware operator claims encryption of Jangho Group systems and exfiltration of approximately 743 GB of data. The leak post displays a portfolio of multiple victim companies (primarily used for advertising purposes), with Jangho Group listed as the primary victim. No specific data categories are detailed in the excerpt provided.
Data the group says was taken
AI dossier — extracted from the leak post- Business operational data
- Corporate records
- Project documentation
What the group claims
Jangho Group Co., Ltd. (hereinafter referred to as “Jangho Group”, “the Company” or “we”, stock code: 601886) is a large multinational corporation listed on SSE A-share mainboard. Headquartered in Beijing, the Company was established in 1999 and formerly known as Beijing Jangho Curtain Wall Co., Ltd. By upholding the holy mission of “working for human’s living environment and health”, we are devoted to supplying green building system services and high-quality medical health services. The Company has two business sectors, i.e., building decoration and medical health, and has established several world’s famous brands such as JANGHO, Sundart, Gangyuan, SLD and Vision. With our business involving more than 20 countries and regions worldwide, we take lead in such fields as building curtain wall, interior decoration and design, PV building and eye medical treatment.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

