Ransomware victim disclosure
← All victimsNext TI
Claimed by Fog · listed 1 year ago
Status timeline
- ListedFeb 19, 2025
- Data leakeddate unknown
At a glance
- Group
- Fog
- Status
- Data leaked
- Country
- Indonesia
- Sector
- Technology
- Listed on leak site
- Feb 19, 2025
About the victim
AI dossier — public-source company profileNext TI (PT Next Transformtech Indonesia) is an Indonesian IT solutions provider specializing in digital financial platforms for banking and multifinance industries. The company is supported by Hana Financial Group, a leading South Korean financial conglomerate, and offers core banking systems, API management, collection systems, and enterprise solutions.
- Industry
- Financial Technology & Banking Software Solutions
- Address
- Mangkuluhur City Office Tower One, 16th floor, Jl. Jend. Gatot Subroto Kav 1-3, Jakarta 12930, Indonesia
Attack summary
Severity: high — Confirmed data exfiltration from a financial technology company handling banking and multifinance infrastructure; access to core banking systems and API code represents significant operational and security risk to financial sector clients, despite no ransomed funds stated.The Fog group claims to have compromised Next TI and exfiltrated data. The post references extraction from GitLab repositories but provides no details on the scope of data or operational impact.
Data the group says was taken
AI dossier — extracted from the leak post- Source code repositories (GitLab)
- Financial platform architecture/systems
What the group claims
Extract from Gitlabs: Next TI, VISEO, Hochschule Trier: Next TI is an Indonesian IT solutions company specializing in financial digital platforms for banking and multifinance industries, supported by South Korea's Hana Financial Group.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

