Ransomware victim disclosure
← All victimsGrupo Riquelme
Claimed by Nightspire · listed 8 days ago
Status timeline
- ListedJun 25, 2026
- Data leakeddate unknown
At a glance
- Group
- Nightspire
- Status
- Data leaked
- Country
- Paraguay
- Listed on leak site
- Jun 25, 2026
About the victim
AI dossier — public-source company profileGrupo Riquelme is a major Paraguayan business conglomerate operating for 74 years with 2,600 employees across multiple industrial and commercial units. The group manufactures and distributes beverages (beer, soft drinks, water), food products (pasta, cereals), operates supermarket chains (Cadena Real), and manages agricultural operations.
- Industry
- Beverages, Food Products & Retail
- Employees
- 2600
- Founded
- 1950
Attack summary
Severity: critical — Confirmed exfiltration of regulated financial data (banking records, accounting ledgers), customer PII at scale (2,600+ employees, retail customer base), HR data, and critical business systems. Data published status indicates proof already disclosed.The nightspire group claims to have exfiltrated a full database backup including banking & financial data, accounting records, customer databases, HR workforce data, user permissions, and ERP/critical business application data. No ransom demand is stated in the available disclosure.
Data the group says was taken
AI dossier — extracted from the leak post- Full database backup
- Banking & financial data
- Accounting & ledger records
- Customer databases
- HR / workforce data
- User, role & permission data
- ERP & critical business application data
What the group claims
- Full Database Backup- Banking & Financial Data- Accounting & Ledger Records- Customer Databases- HR / Workforce Data- User, Role & Permission data- ERP & Critical Business Application Data
Sources
- Victim sitewww.gruporiquelme.com
Source
Indexed 8 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

