Ransomware victim disclosure
← All victimsRowad Modern Engineering (RME)
Claimed by Crypto24 · listed 2 months ago
Status timeline
- ListedMay 15, 2026
Current state: Listed for ransom
At a glance
- Group
- Crypto24
- Status
- Listed for ransom
- Country
- Egypt
- Sector
- Construction
- Listed on leak site
- May 15, 2026
- Data size
- 700GB
About the victim
AI dossier — public-source company profileRowad Modern Engineering (RME) is described in the leak post as a leading Egyptian construction conglomerate. Based on its name and sector classification, it operates in large-scale construction and engineering services within Egypt. No public site content was available to further detail its scale or specific operations.
- Industry
- Construction & Engineering
Attack summary
Severity: high — 700GB of exfiltrated proprietary data from a major construction conglomerate represents a significant confirmed data exfiltration event with substantial potential exposure of business-sensitive information, though no regulated PII, medical, or government data is specifically confirmed.The group crypto24 claims to have successfully exfiltrated 700GB of proprietary data from Rowad Modern Engineering (RME); no mention of encryption is made, suggesting this is an exfiltration-only incident.
Data the group says was taken
AI dossier — extracted from the leak post- Proprietary business data
- Internal company files
What the group claims
A leading Egyptian construction conglomerate
The leak post
captured from the group's site## Qatar Biomedical Research Institute (QBRI) QBRI is a premier research institute under Hamad Bin Khalifa University focused ... Rowad Modern Engineering (RME) is a leading Egyptian construction conglomerate s ... We have successfully acquired and exfiltrated 700GB of proprietary data from the ... Founded in 1993 in Monterrey, Mexico, Katcon is a leading global Tier 1 supplier ... ActionPower is an AI innovation company that automates documentation through 'da ... O'Farrell is a leading full service law firm in Argentina, with the longest trac ...
Data the group says was taken
- proprietary data
Screenshot of the leak post

Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

