Ransomware victim disclosure
← All victimsEmerson Electric Co. (Caltrol division)
listed as caltrol.com\$296.3M\USA\224GB\100% DISCLOSED · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedMar 10, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States of America
- Sector
- Technology
- Listed on leak site
- Mar 10, 2025
About the victim
AI dossier — public-source company profileCaltrol is a division or brand operating under Emerson Electric that specializes in process control systems, automation, and instrumentation for refining, petrochemical, life sciences, and chemical manufacturing. The company provides DeltaV control systems, valve solutions, and predictive maintenance services across multiple industrial verticals.
- Industry
- Industrial Automation & Process Control Systems
Attack summary
Severity: critical — Industrial control system operator (refining, petrochemical, life sciences) with exfiltrated operational data; exposure of control system designs and configurations poses direct risk to critical infrastructure and manufacturing continuity. Complete data disclosure (100%) with significant volume (224 GB) elevates risk.Cactus ransomware group claims to have compromised Caltrol and exfiltrated approximately 224 GB of data. The group has published 100% of the disclosed data, indicating complete operational data exposure.
Data the group says was taken
AI dossier — extracted from the leak post- Process control system configurations
- Industrial automation designs
- Technical documentation
- Customer/operational data
- Internal business records
Sources
- Victim sitecaltrol.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

