Ransomware victim disclosure
← All victimsPilini
listed as pilini.bg · Claimed by Ransomed · listed 3 years ago
Status timeline
- ListedSep 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Ransomed
- Status
- Data leaked
- Country
- Bulgaria
- Sector
- Food & Agriculture
- Listed on leak site
- Sep 9, 2023
- Ransom demanded
- $8.000
About the victim
AI dossier — public-source company profilePilini is a Bulgarian women's fashion retailer operating physical stores in Varna and Ruse, as well as an online shop at pilini.bg. The company sells clothing, footwear, handbags, and accessories, with free delivery offered on orders above a threshold. It appears to be a small-to-medium independent retailer with at least two retail locations and a warehouse.
- Industry
- Women's Fashion Retail & E-commerce
- Address
- гр. Варна, бул. Княз Борис 56, Варна, Bulgaria (main store); гр. Русе, бул. Липник 121, Mall Rousse, ниво 0, Ruse, Bulgaria (second store); гр. Варна, ул. Цариброд 92, Варна, Bulgaria (warehouse)
Attack summary
Severity: medium — Data is marked as published and exfiltration is claimed, but no specific sensitive regulated data (e.g., payment card data, large-scale PII) is confirmed, no data volume is provided, and the ransom is low ($8,000), suggesting a small-scale target. The e-commerce nature raises some PII concern but evidence is insufficient for 'high' or 'critical'.The ransomware group 'Ransomed' claims to have exfiltrated all data from Pilini and demanded an $8,000 ransom for the return of backups. The disclosure status indicates data has been published, though no specific data volume was stated.
Data the group says was taken
AI dossier — extracted from the leak post- Business data (unspecified)
- Customer account data (potential, given e-commerce platform)
- Backup files
What the group claims
You have been hacked, all your data is now mine, if you want to get your backups back you will have to pay us.We require a ransom of $8,000
Sources
- Victim sitepilini.bg
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

