Ransomware victim disclosure
← All victimsJoy Construction Corporation
listed as joyconstructionnyc.com · Claimed by Settra · listed 3 days ago
Status timeline
- ListedJun 30, 2026
- Data leakeddate unknown
At a glance
- Group
- Settra
- Status
- Data leaked
- Country
- United States
- Sector
- Construction
- Listed on leak site
- Jun 30, 2026
About the victim
AI dossier — public-source company profileJoy Construction Corporation is a full-service general contracting and development firm based in New York City specializing in mixed-use, workforce, and affordable housing communities. They focus on public-private partnerships for contextual development and community projects across NYC.
- Industry
- General Contracting & Real Estate Development
- Address
- 40 Fulton Street, 21st Floor, New York, NY 10038
Attack summary
Severity: medium — Post indicates data publication by ransomware operator with specific financial figures ($1.3B, $8.7M) suggesting access to sensitive business/financial data, but truncated leak post provides no proof files, screenshots, or explicit confirmation of exfiltrated data types. Moderate sensitivity due to financial and project information exposure.The Settra group claims to have compromised Joy Construction Corporation and references $1.3 billion in affordable housing projects and $8.7 million in shareholder distributions. The post suggests data exfiltration but provides no explicit detail on the scope or nature of compromised data.
Data the group says was taken
AI dossier — extracted from the leak post- Financial records
- Shareholder information
- Project documentation
- Housing development data
What the group claims
Joy Construction Corp: $1.3 Billion in Affordable Housing — and $8.7 Million to a Shareholder in Six...
Sources
Source
Indexed 3 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

