Ransomware victim disclosure
← All victimsAlentec & Orion AB
listed as alentec.com · Claimed by Babuk2 · listed 1 year ago
Status timeline
- ListedJan 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk2
- Status
- Data leaked
- Country
- Sweden
- Sector
- Manufacturing
- Listed on leak site
- Jan 27, 2025
About the victim
AI dossier — public-source company profileAlentec & Orion AB is a Swedish manufacturer of lubricant and fluid handling equipment, including grease pumps, oil equipment, hose reels, and automated fluid monitoring systems (NEX·U® and OriLink®). The company serves automotive workshops, heavy machinery service, and industrial distribution sectors across multiple European markets.
- Industry
- Industrial Fluid & Lubrication Equipment Manufacturing
- Address
- Sweden (phone: +46 8 747 67 00)
Attack summary
Severity: high — Confirmed network compromise with ongoing access claimed by the threat actor, data exfiltration implied, and active extortion threat. However, no specific sensitive data categories (PII, financial records, trade secrets) are enumerated in the post, and no proof files are advertised.Babuk2 claims to have breached Alentec & Orion AB's network and exfiltrated data. The group states they continue to have access to the network and are pressuring the company to contact them, implying threat of data publication.
Data the group says was taken
AI dossier — extracted from the leak post- Business data
- Network files
- Company systems
What the group claims
This is a public request for Alentec & Orion AB, you don't have much time left to get in touch with us and help you resolve your security problems, we also continue to be in your networks and monitor you
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

