Ransomware victim disclosure

Avril Supermarché Santé

listed as avril.ca · Claimed by blackbasta · listed 1 year ago

550 GB

Data size

17m

Age

since listed · data leaked

Status timeline

Listed
Jan 11, 2025
Data leaked

At a glance

Group: blackbasta
Status: Data leaked
Country: Canada
Sector: Agriculture and Food Production
Listed on leak site: Jan 11, 2025
Data size: 550 GB

About the victim

AI dossier — public-source company profile

Avril Supermarché Santé is an independent health food supermarket chain based in Quebec, Canada, operating multiple stores across the province. Founded in 1995, the company specializes in natural and organic products including groceries, supplements, beauty items, and ready-to-eat meals aimed at promoting healthy lifestyles.

Industry: Health Food Retail & Supermarkets
Address: 11 rue Évangéline, Granby, Quebec, J2G 6N3, Canada
Founded: 1995

Attack summary

Severity: high — Confirmed exfiltration of 550 GB of data including financial records, HR/employee PII, and business operations data from a retail chain; data already published by ransomware group.

BlackBasta claims to have exfiltrated approximately 550 GB of company data including financial records, accounting files, human resources documents, personal employee files, store management data, and marketing materials.

high

Data the group says was taken

AI dossier — extracted from the leak post

Financial data
Accounting records
Human Resources files
Personal employee documents
Store management data (DirectionMagasin)
Marketing materials

What the group claims

Avril Supermarché Santé, an independent health food supermarket chain based in Quebec, Canada. Founded in 1995, Avril aims to promote a healthy lifestyle by making natural and organic products accessible to everyone. The company operates multiple stores across Quebec and offers a wide range of products, including groceries, supplements, beauty items, and ready-to-eat meals.SITE: www.avril.caADDRESS: 11 rue Évangéline Granby, Quebec, J2G 6N3 Canada.TEL#: 1-844-375-6446ALL DATA SIZE: ≈550gb+ 1. Financial data, Accounting 2. Human Resources 3. Personal employees documents 4. DirectionMagasin 5. Marketing & etc…

Sources

Victim siteavril.ca
Leak posthttp://stniiomyjliimcgkvdszvgen3eaaoz55hreqqx6o77yvmpwt7gklffqd.onion/?id=avril.ca

Source

Indexed 1 year ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About blackbasta

Black Basta is a financially motivated ransomware group that emerged in April 2022 and has rapidly established itself as a significant threat actor, compromising over 500 organizations globally within its first two years of operation. The group is suspected to have ties to Russia-based cybercriminal networks and operates as a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to conduct attacks while the core group maintains the ransomware infrastructure and negotiates with victims. Black Basta primarily gains initial access through phishing campaigns, exploitation of unpatched vulnerabilities, and compromised Remote Desktop Protocol (RDP) credentials, then deploys custom tools and living-off-the-land techniques to move laterally through networks before deploying their ransomware payload that uses ChaCha20 encryption. The group employs double extortion tactics, stealing sensitive data before encryption and threatening to publish it on their leak site if ransom demands are not met. Notable campaigns include attacks on major manufacturing companies, healthcare organizations, and critical infrastructure entities primarily across the United States, United Kingdom, Germany, Canada, and Italy, with the group showing particular focus on business services, manufacturing, technology, agriculture and food production, and transportation/logistics sectors. As of 2024, Black Basta remains active and continues to evolve its tactics, techniques, and procedures while maintaining a steady pace of victim recruitment and ransom collection operations. The group has been linked to 523 public disclosures across our corpus. First observed on a leak site on April 26, 2022; most recent post January 11, 2025. The operation is currently inactive.

Timeline of this disclosure

January 11, 2025avril.ca listed by blackbastaon the group's public leak site

Data size: 550 GB

Other recent disclosures by blackbasta

blackbasta has been linked to 523 public victims on Darkfield. A sample of the most recent: