Ransomware victim disclosure
← All victimsSofo Foods
Claimed by Payoutsking · listed 11 months ago
Status timeline
- ListedAug 21, 2025
- Data leakeddate unknown
At a glance
- Group
- Payoutsking
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Aug 21, 2025
About the victim
AI dossier — public-source company profileSofo Foods is a family-owned food service distributor based in the Midwest with over 75 years of experience. Specializing in Italian and Mediterranean products, the company supplies restaurants and retailers across the Midwest and Southeastern US with a diverse range of deli items, produce, bakery goods, meats, cheeses, and other food products.
- Industry
- Food Service Distribution
- Founded
- 1949
Attack summary
Severity: medium — Data has been published by the group (disclosed status confirmed), but the leak post provides no specifics on data type, volume, or proof files. No operational impact stated. Food distribution company data is lower sensitivity than healthcare or finance.The ransomware group claims to have breached Sofo Foods and published data. No specific details on encryption, exfiltration method, or data categories are provided in the leak post.
Original description
AI-summarised, not from the leak postSofo Foods is a family-owned food distribution company specializing in Italian and Mediterranean products. Founded in 1949, the company offers a wide range of products including deli items, produce, bakery items, meats, and cheeses. Sofo Foods mainly serves restaurants and retailers in the midwest and southeastern regions of the United States. It also provides catering services, food preparation tips, and recipes to its clients.
Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

