Ransomware victim disclosure
← All victimsstanleyconsultants.com
Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 28, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Feb 28, 2025
- Ransom demanded
- $190.5M
- Estimated revenue
- $190.5M
About the victim
AI dossier — public-source company profileStanley Consultants is a member-owned engineering firm with over 110 years of history, operating in more than 20 offices worldwide. They provide engineering, design, and consulting solutions across energy, transportation, water, industrial, and infrastructure sectors, with work in all 50 U.S. states and more than 120 countries.
- Industry
- Engineering Consulting & Design Services
- Address
- 225 Iowa Ave, Muscatine, Iowa 52761, United States
Attack summary
Severity: high — Confirmed exfiltration of significant business data including customer information, project details, and contractual documents from a major engineering consultancy. The $190.5M revenue scale and global client base (120+ countries) indicate exposure of commercially sensitive and potentially client-identifying information.Cactus claims to have exfiltrated corporate documents, project drawings, customer information, contracts, and project data from Stanley Consultants. The group has published proof files and created Tor mirrors to advertise access to the stolen data.
Data the group says was taken
AI dossier — extracted from the leak post- corporate documents
- project drawings
- customer information
- contracts and agreements
- project data
- corporate correspondence
- roadway plans
- subconsultant agreements
- signalization plans
The group's post references roughly 5 proof files.
What the group claims
<p>Business Services.<br><br>“Stanley Consultants is a member-owned engineering firm with a rich history of helping clients across the globe solve complex challenges ranging from energy and transportation to water and industry. We have members in more than 20 offices worldwide, and we have worked in all 50 states and more than 120 countries.”<br><br>Website: <a href="https://www.stanleyconsultants.com/">https://www.stanleyconsultants.com/</a><br><br>Revenue : $190.5M<br><br>Address: 225 Iowa Ave, Muscatine, Iowa, 52761, United States<br><br>Phone Number: (563) 264-6600<br><br><mark class="marker-yellow"><strong>Download link #1:</strong></mark> <a href="https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/STANLEYCONSULTANTS/PROOF/">https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/STANLEYCONSULTANTS/PROOF/</a><br><br><mark class="marker-yellow"><strong>Mirror:</strong></mark> <a href="https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/STANLEYCONSULTANTS/PROOF/">https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/STANLEYCONSULTANTS/PROOF/</a><br><br><mark class="marker-yellow"><strong>DATA DESCRIPTIONS:</strong></mark> Corporate documents, projects, drawings, customer information, agreements\contracts, project data, corporate correspondence, etc.</p><p><img src="/uploads/TEDS_Subconsultant_Agreement_REVISED_Fully_Executed_af7d8d37b3.png" alt="TEDS Subconsultant Agreement_REVISED_Fully Executed.png"><img src="/uploads/20240402_H_015052_100_PP_QAQC_ROADWAY_PLANS_FOR_FOREST_REVIEW_313f1bce6c.png" alt="20240402_H.015052_100%PP_QAQC_ROADWAY_PLANS_FOR_FOREST_REVIEW.png"><img src="/uploads/045272_Advertisement_23530_Stanley_Consultants_LOR_9_13_22_feaab45c86.png" alt="045272-Advertisement 23530-Stanley Consultants LOR-9-13-22.png"><img src="/uploads/TWO_1_2022_04_Stanley_signed_56b42ba91c.png" alt="TWO 1_2022-04_Stanley-signed.png"><img src="/uploads/44972015201_PLANS_03_SIGNALIZATION_REV_2_5312f6
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

