Ransomware victim disclosure
← All victimsHELIX INTERNATIONAL
Claimed by Dragonforce · listed 2 months ago
Status timeline
- ListedMay 24, 2026
- Data leakeddate unknown
At a glance
- Group
- Dragonforce
- Status
- Data leaked
- Country
- United Kingdom
- Listed on leak site
- May 24, 2026
About the victim
AI dossier — public-source company profileHelix International is a software platform and managed services provider specializing in enterprise content management and data migration for medium to large enterprises and Fortune 500 companies. They offer custom development, hosting, and GDPR compliance solutions leveraging proprietary extraction tools.
- Industry
- Software & Managed Services (Enterprise Content Management)
Attack summary
Severity: high — Confirmed data exfiltration from a managed services provider handling sensitive client data across regulated industries (healthcare, finance). Potential exposure of multiple clients' data due to the company's intermediary role.The dragonforce group claims to have compromised Helix International and exfiltrated data. The specific scope of exfiltration and data categories are not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- enterprise content management systems
- client data migration records
- business documents
- client project files
What the group claims
Helix International is a software platform and managed services provider specializing in enterprise content management and data migration. They cater to medium, large, and Fortune 500 companies across various industries, including healthcare, finance, retail, and entertainment. The company offers a variety of solutions, such as custom development, hosting, and GDPR compliance, enabled by their advanced software platform and proprietary extraction tools. With a track record of 100% project success and partnerships with major firms like IBM, Helix International is recognized for its ability to manage and optimize complex data environments.
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

