Ransomware victim disclosure
← All victimsNaRaYa
Claimed by Lamashtu · listed 2 months ago
Status timeline
- ListedMay 12, 2026
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileNaRaYa (นารายา) is a Thai retail brand founded in 1989, internationally recognised for its handcrafted fabric bags and accessories that highlight traditional Thai craftsmanship. The company operates globally through physical stores and an e-commerce platform (naraya.com, hosted on Shopify) serving customers across numerous countries. It is considered one of Asia's most well-known lifestyle accessory brands.
- Industry
- Fashion Accessories & Handcrafted Fabric Goods
- Founded
- 1989
Attack summary
Severity: high — Data has been published (data_published status), confirming exfiltration rather than a mere listing. A consumer-facing retail brand with a global customer base likely holds customer PII, payment records, and business data, making a confirmed publication high severity even without an explicit data inventory.The ransomware group Lamashtu claims to have attacked NaRaYa and has published data (disclosed status: data_published), indicating exfiltration of company data; no specific data volume or encryption claim is detailed in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Exfiltrated company data (type unspecified)
What the group claims
NaRaYa is a famous Thai brand recognized worldwide for its distinctive fabric bags and accessories. Founded in 1989, it has grown into one of Asia's most influential brands, specializing in high-quality, handcrafted products that showcase Thai crafts
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

