Ransomware victim disclosure
← All victimsWarren County Sheriff's Office
listed as OCI International Holdings · Claimed by Ransomhouse · listed 9 months ago
Status timeline
- ListedOct 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Hong Kong SAR China
- Listed on leak site
- Oct 23, 2025
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileThe Warren County Sheriff's Office is a public law enforcement agency located in Warren County, Kentucky, USA, led by Sheriff Brett Hightower. It provides law enforcement, criminal investigation, and public safety services to the county. The agency operates with approximately 120 employees and an estimated annual budget of $13 million.
- Industry
- Law Enforcement / Public Safety
- Address
- Warren County, Kentucky, USA
- Employees
- 120
Attack summary
Severity: critical — 743 GB of data exfiltrated from a law enforcement agency likely contains highly sensitive regulated data including PII at scale, criminal records, investigative files, and potentially information on witnesses, victims, or informants — a government/public safety entity breach of this magnitude warrants critical severity.RansomHouse claims to have encrypted systems and exfiltrated approximately 743 GB of data from the Warren County Sheriff's Office, with the data published status listed as 'data_published'.
Data the group says was taken
AI dossier — extracted from the leak post- Internal law enforcement databases
- Personnel records
- Criminal case files
- Investigative records
- Personally identifiable information (PII)
What the group claims
OCI International Holdings Limited (stock code: 0329.HK) is a Hong Kong Stock Exchange-listed investment holding company, incorporated in the Cayman Islands in 2001. The company operates through its subsidiary, OCI Asset Management Company Limited, which holds SFC licenses for securities dealing, advising, and asset management, managing bond and private equity funds. Key services include cross-border M&A advisory and securities trading. Related entity OCI Capital SPC, incorporated on August 15, 2017, is a segregated portfolio company with no active portfolios as of January 21, 2025, and was de-registered from CIMA on February 1, 2020. Major shareholders include JZ Investment Fund L.P. (29.34%) and Shanghai Orient Securities Capital (20.94%).
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

