Ransomware victim disclosure
← All victimsAmbisig
listed as ambisig.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Portugal
- Sector
- Technology
- Listed on leak site
- Dec 26, 2025
About the victim
AI dossier — public-source company profileAmbisig is a Portuguese technology consultancy specialising in digital transformation, geographic information systems (GIS), document management, and smart city solutions for public administrations and private enterprises. Founded in 1994, the company operates offices in Lisbon, Portugal and Maputo, Mozambique. Its product portfolio includes GEOPORTAL, egov.WEBDOC (document management), and TELCO REGULATOR, primarily targeting local and central government clients.
- Industry
- Digital Transformation & Geographic Information Systems Consulting
- Address
- Lisboa, Portugal; Maputo, Moçambique
- Founded
- 1994
Attack summary
Severity: high — Data has been published (not merely listed), and Ambisig's core business involves managing information for local governments and public administrations, meaning exfiltrated data likely contains sensitive government operational data, potentially PII of public sector clients, and confidential territorial/geographic datasets.LockBit claims to have attacked Ambisig and has published data (disclosed status: data_published), asserting exfiltration of company information related to its work managing information for local governments and businesses. No ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Government client data
- Business information management records
- Internal company documents
- Geographic/spatial data
- Project and consultancy files
What the group claims
Ambisig is a technology company that helps local governments and businesses manage information smart...
Sources
- Victim siteambisig.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

