Ransomware victim disclosure
← All victimsAmtivo
listed as orion4value.com · Claimed by Settra · listed 3 days ago
Status timeline
- ListedJun 30, 2026
- Data leakeddate unknown
At a glance
- Group
- Settra
- Status
- Data leaked
- Country
- Germany
- Sector
- Business Services
- Listed on leak site
- Jun 30, 2026
About the victim
AI dossier — public-source company profileAmtivo is an ISO certification and compliance specialist offering certification services across quality management (ISO 9001), environmental management (ISO 14001), information security (ISO 27001), aerospace, automotive, and recycling standards. They provide both certifications and professional training courses to help organizations achieve and maintain standards compliance.
- Industry
- ISO Certification & Compliance Services
Attack summary
Severity: medium — Confirmed data exfiltration of financial and business documents from a certification services company. No explicit indication of PII-at-scale, but financial data carries moderate sensitivity. Post truncation limits visibility into actual proof volume and data scope.The Settra group claims to have exfiltrated documents from Orion Registrar Inc., specifically citing financial reports and certificate-related materials as vulnerabilities. The post references 'documents' but provides minimal detail on the scope or nature of data compromised.
Data the group says was taken
AI dossier — extracted from the leak post- financial reports
- certification documents
- business records
What the group claims
THE CERTIFICATE AS A VULNERABILITY: Documents of Orion Registrar Inc. PROLOGUE Financial reports and...
Sources
Source
Indexed 3 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

