Ransomware victim disclosure
← All victimsJangho Group (江河创建集团股份有限公司)
listed as [i2p-torrent]Jangho Group · Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedOct 11, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- China
- Sector
- Business Services
- Listed on leak site
- Oct 11, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileJangho Group is a diversified Chinese conglomerate headquartered in Beijing, operating through multiple subsidiaries including Jangho Curtain Wall (architectural façade systems), Chengda Group, Gangyuan Decoration, SLD, Jangho Solar, and Vision Eye Care clinics across multiple Chinese cities. The group engages in building decoration, curtain wall manufacturing, solar photovoltaic systems, and medical services.
- Industry
- Construction & Building Materials; Architectural Decoration; Solar Energy; Healthcare (Ophthalmology)
- Address
- Beijing, China
Attack summary
Severity: high — Confirmed exfiltration of 743 GB of corporate data from a large diversified conglomerate with thousands of employees, multiple business divisions, and healthcare operations. Scale and diversity of data stolen indicates significant operational and reputational risk.Ransomware operator Ransomhouse claims to have encrypted Jangho Group's systems and exfiltrated approximately 743 GB of data. The group published this claim on their leak site with an alleged ransom demand of $740.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate databases
- Business records
- Employee information
- Financial/operational data
What the group claims
Jangho Group Co., Ltd. (hereinafter referred to as “Jangho Group”, “the Company” or “we”, stock code: 601886) is a large multinational corporation listed on SSE A-share mainboard. Headquartered in Beijing, the Company was established in 1999 and formerly known as Beijing Jangho Curtain Wall Co., Ltd. By upholding the holy mission of “working for human’s living environment and health”, we are devoted to supplying green building system services and high-quality medical health services. The Company has two business sectors, i.e., building decoration and medical health, and has established several world’s famous brands such as JANGHO, Sundart, Gangyuan, SLD and Vision. With our business involving more than 20 countries and regions worldwide, we take lead in such fields as building curtain wall, interior decoration and design, PV building and eye medical treatment.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

