Ransomware victim disclosure
← All victimsCarolina Mechanical Group
listed as www.carolinaac.com · Claimed by RansomHub · listed 1 year ago
Status timeline
- ListedMar 25, 2025
- Data leakeddate unknown
At a glance
- Group
- RansomHub
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Mar 25, 2025
About the victim
AI dossier — public-source company profileCarolina Mechanical Group is an employee-owned HVAC and electrical contracting company based in Raleigh, North Carolina, serving single-family home builders and residential clients in the Raleigh-Durham area. Founded in 1947, the company has over 75 years of experience delivering installation, repair, and maintenance services with a focus on quality, safety, and customer relationships.
- Industry
- HVAC & Electrical Contracting
- Address
- 2728 Capital Blvd. Raleigh, NC 27604
- Founded
- 1947
Attack summary
Severity: low — No proof files, screenshots, or data samples are advertised. No specific data exfiltration or encryption impact is described in the leak post. The disclosure appears to be a listing/announcement only.RansomHub claims to have attacked Carolina Mechanical Group. The leak post provides minimal detail on the attack method or data exfiltration; no specific data types or operational disruption are confirmed in the available disclosure.
Original description
AI-summarised, not from the leak postCarolina Heating Service Inc. is a heating and cooling system company based in South Carolina. They offer a wide range of services that include installation and repair of air conditioning systems, heating systems, water heaters, generators, and more. They are known for their exceptional customer service.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

