Skip to main content

Ransomware victim disclosure

All victims

吉林省药品监督管理局 (Jilin Provincial Drug Regulatory Administration)

listed as AG真人 · Claimed by Pryx · listed 2 months ago

2m
Age
since listed · listed for ransom

Status timeline

  1. ListedMay 15, 2026

Current state: Listed for ransom

At a glance

Group
Pryx
Status
Listed for ransom
Country
China
Listed on leak site
May 15, 2026

About the victim

AI dossier — public-source company profile

The Jilin Provincial Drug Regulatory Administration (吉林省药品监督管理局) is the provincial-level government authority in Jilin Province, China, responsible for regulating pharmaceuticals, medical devices, and cosmetics. It oversees drug production and distribution licensing, medical device registration and approval, cosmetics quality supervision, and enforcement of drug laws across Jilin Province. The agency publishes regulatory notices, quality announcements, and administrative approval results for industry and the public.

Industry
Government Drug & Medical Device Regulation
Address
吉林省长春市经济技术开发区湛江路657号(仙台大街与湛江路交会处), Changchun, Jilin Province, China

Attack summary

Severity: high — The victim is a provincial government regulatory authority handling regulated pharmaceutical, medical device, and licensing data including personally identifiable information of licensed professionals and detailed industry compliance records. Compromise of a government healthcare regulator constitutes a high-severity incident involving sensitive regulatory and administrative data, even absent explicit confirmation of large-scale exfiltration.

The Pryx group has listed the Jilin Provincial Drug Regulatory Administration as a victim, claiming access to its web presence and internal content; the post does not explicitly state encryption or quantified exfiltration, but references to internal regulatory documents and administrative systems suggest potential data exposure.

high

Data the group says was taken

AI dossier — extracted from the leak post
  • Medical device registration approval records
  • Drug production licence issuance and revocation notices
  • Drug distribution licence records
  • Cosmetics production licence records
  • Pharmaceutical quality inspection reports
  • Registered pharmacist credential records
  • Administrative approval results
  • Internal regulatory notification documents
  • Government procurement records
  • Annual budget and financial reports

What the group claims

Chinese medical device regulatory authority publishing notices about Class II medical device registration approval processes and announcements.

The leak post

captured from the group's site
* [AG真人关于印发《第二类医疗器械注册审批流程》的通知 吉药监械注册〔2026...](https://www.pryx.cc/zxfw_84842/tzwj/202603/t20260325_9456045.html "AG真人关于印发《第二类医疗器械注册审批流程》的通知     吉药监械注册〔2026〕10 号")


  * [AG真人 关于批准注册医疗器械产品的公告 (2026年第4期)](https://www.pryx.cc/zxfw_84842/gsgg/pgzg/202605/t20260508_9587321.html "AG真人  关于批准注册医疗器械产品的公告  (2026年第4期)")

Screenshot of the leak post

Leak screenshot for AG真人

Sources

Source

Indexed 2 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About Pryx

Auto-discovered from ransomware tracking sources The group has been linked to 6 public disclosures across our corpus. First observed on a leak site on May 15, 2026; most recent post June 4, 2026. The operation is currently active.

Timeline of this disclosure

  • May 15, 2026AG真人 listed by Pryxon the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Government/Healthcare Regulation sector. Geographically, AG真人 is reported in China, a country with 72 ransomware disclosures in our corpus.

If your organisation is affected

A listing by Pryx means AG真人 appeared on a ransomware extortion site and is being pressured to pay before any publication. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Monitor for the data appearing on Pryx's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.