Ransomware victim disclosure
← All victimsrhactushotel.com
Claimed by Lockbit5 · listed 2 months ago
Status timeline
- ListedMay 7, 2026
- Data leakeddate unknown
At a glance
- Group
- Lockbit5
- Status
- Data leaked
- Country
- Egypt
- Sector
- Hospitality and Tourism
- Listed on leak site
- May 7, 2026
About the victim
AI dossier — public-source company profileRhactus Hotel is a premier hotel located in El-Alamein, North Coast, Egypt, approximately 6.7 km from New Alamein City. The property offers a range of accommodation options including deluxe rooms, suites, and apartments, alongside dining, gym and spa, and meetings and events facilities. It markets itself as a business and leisure destination on the Egyptian Mediterranean coast.
- Industry
- Hospitality & Hotel Accommodation
- Address
- K 102, Alexandria Matrouh Coastal Road, El-Alamein, North Coast, Egypt
Attack summary
Severity: high — Data has been published by the group (data_published status), indicating confirmed exfiltration rather than a mere listing. Hotel guest data likely includes PII such as names, contact details, and payment information, elevating severity beyond medium.LockBit 5 claims to have attacked Rhactus Hotel and has published data (disclosed status: data_published), though the specific nature of the exfiltrated content and its volume are not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Guest personal information
- Reservation and booking records
- Hotel operational data
- Contact and communication records
What the group claims
Rhactus Hotel is a premier accommodation provider located in El-Alamein, Egypt, offering a variety o...
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

