Ransomware victim disclosure
← All victimsRoberts HVAC
listed as robertshvac.com · Claimed by Abyss · listed 2 years ago
Status timeline
- ListedAug 11, 2024
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Aug 11, 2024
- Data size
- 240 GB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileRoberts HVAC is a heating, ventilation, and air conditioning service provider operating in the United States. The company maintains an online presence at robertshvac.com.
- Industry
- HVAC Services
Attack summary
Severity: medium — Confirmed exfiltration of 240 GB of business data with published proof of access (password-protected files on dark web portal). No specific regulated data (PII at scale, medical, financial) explicitly mentioned, but scale and nature of exfiltration warrants medium severity.The Abyss group claims to have exfiltrated 240 GB of data from Roberts HVAC. The group has published the data on their dark web leak portal with password-protected access, indicating confirmed data exfiltration.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Customer information
- Financial data
- Operational documents
What the group claims
robertshvac.com 240Gb uncompressed data
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim siterobertshvac.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

