Ransomware victim disclosure
← All victimsUltra-Met Carbide Technologies
listed as The Ultra-met · Claimed by Royal · listed 3 years ago
Status timeline
- ListedMar 29, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Mar 29, 2023
- Data size
- 128 GB
About the victim
AI dossier — public-source company profileUltra-Met Carbide Technologies is a leading independent American manufacturer of custom and stock tungsten carbide products, established in 1965 and based in Ohio (phone prefix 937). The company supplies carbide blanks, rods, preforms, wear parts, and tooling components to industries including aerospace, automotive, medical, energy, and metalworking.
- Industry
- Tungsten Carbide Products Manufacturing
- Founded
- 1965
Attack summary
Severity: critical — Confirmed exfiltration and publication of 128 GB of data containing regulated PII (passports, credit card numbers), financial records, and employee personal/salary data at scale constitutes a critical disclosure.The Royal ransomware group claims to have exfiltrated 128 GB of data from Ultra-Met's network, with the data already published. The stolen data purportedly includes credit card information, passports, employee records with salaries, financial balances, stocks, and manufacturing defect information.
Data the group says was taken
AI dossier — extracted from the leak post- Credit card information
- Passport documents
- Employee information including salaries
- Financial balance records
- Stock information
- Manufacturing defect data
What the group claims
The Ultra-met Carbide Technologies is a premium-quality blanks supplier for fabrications. We have stolen 128GB from their network.Here you will find the following: credit card information, passports, stocks, employee information (including salaries), financial balance and the info of defects while manufacturing.Take a look at the catch!
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

