Ransomware victim disclosure
← All victimsSkender Construction
Claimed by Underground · listed 2 years ago
Status timeline
- ListedMay 1, 2024
- Data leakeddate unknown
At a glance
- Group
- Underground
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- May 1, 2024
- Ransom demanded
- $318.3M
- Estimated revenue
- $318.3M
About the victim
AI dossier — public-source company profileSkender is a premier construction company operating across diverse markets including healthcare, education, affordable housing, hospitality, and industrial sectors. Based in Chicago with offices in Indianapolis, the firm specializes in collaborative construction delivery using Lean methodologies and advanced technologies.
- Industry
- Construction & Project Management
- Address
- Chicago, IL 60661 (headquarters); Indianapolis, IN (office)
- Employees
- 501-1000
Attack summary
Severity: low — No proof files, screenshots, or sample data published. No confirmation of exfiltration or operational disruption. Post appears to be an announcement/listing only; revenue figure may be public knowledge.The Underground group claims to have compromised Skender Construction. The post discloses the company's revenue ($318.3M) but provides no detail on data exfiltration, encryption scope, or specific data types accessed.
What the group claims
Revenue:$318.3 Million - Country :USA
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

