Ransomware victim disclosure
← All victimsgrede.com
Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Feb 24, 2025
- Records
- 2.700 employees
- Ransom demanded
- $814.7M
- Estimated revenue
- $814.7M
About the victim
AI dossier — public-source company profileGrede is an independent manufacturer of ductile, gray, and specialty iron castings for automotive, commercial, and industrial markets. Headquartered in Southfield, Michigan, with 9 U.S. facilities and approximately 2,700 employees, the company provides precision machining, finishing, and assembly services. Founded in 1920, Grede supplies safety-critical components to leading global brands.
- Industry
- Precision Metal Castings & Automotive Components Manufacturing
- Address
- 20750 Civic Center Dr Ste 100, Southfield, Michigan, 48076, United States
- Employees
- 2700
- Founded
- 1920
Attack summary
Severity: critical — Confirmed exfiltration of regulated sensitive data at scale: PII of 2,700+ employees and executives, financial/payroll records, customer data, and engineering/corporate confidential information. Large-scale data breach with proof published.Cactus claims to have exfiltrated multiple categories of sensitive data from Grede, including personal identifiable information of employees and executives, corporate confidential data, engineering drawings, customer information, financial and payroll documents, and database backups. The group published proof files and mirrors on Tor-hosted leak sites.
Data the group says was taken
AI dossier — extracted from the leak post- Personal identifiable information (employees & executives)
- Engineering data and drawings
- Customer information
- Financial and payroll documents
- HR department documents
- Corporate correspondence
- Database exports and backups
The group's post references roughly 5 proof files.
What the group claims
<p>Grede is an independent company that designs, engineers, validates and manufactures high-quality ductile, gray and specialty iron castings for automotive, commercial and industrial markets. Headquartered in Southfield, MI, Grede offers complete precision machining and finishing services, as well as the assembly of diverse components into complete systems. It has 9 facilities in the U.S. with approximately 2,700 employees.</p><p>Website: <a href="https://www.grede.com/">https://www.grede.com/</a></p><p>Revenue : $814.7M</p><p>Address: 20750 Civic Center Dr Ste 100, Southfield, Michigan, 48076, United States</p><p>Phone Number: (248) 440-9500</p><p><mark class="marker-yellow"><strong>Download link #1:</strong></mark> <a href="https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/GREDE/PROOF/">https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/GREDE/PROOF/</a></p><p><mark class="marker-yellow"><strong>Mirror:</strong></mark> <a href="https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/GREDE/PROOF/">https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/GREDE/PROOF/</a></p><p><mark class="marker-yellow"><strong>DATA DESCRIPTIONS:</strong></mark> Personal identifiable information; Corporate confidential data; Engineering data, drawings; Customer information; Financial\payroll documents; HR department documents; Employees and executives personal data; Corporate correspondence; Database exports and backups.</p><p><img src="/uploads/3_09504c8722.png" alt="3.png"><img src="/uploads/4_ae06f9cc25.png" alt="4.png"><img src="/uploads/2_f483d7e701.png" alt="2.png"><img src="/uploads/1_a73f8e4e72.png" alt="1.png"><img src="/uploads/5_970319790e.png" alt="5.png"></p>
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

