Ransomware victim disclosure
← All victimsMyShoes
listed as myshoes.bg · Claimed by Ransomed · listed 3 years ago
Status timeline
- ListedSep 26, 2023
- Data leakeddate unknown
At a glance
- Group
- Ransomed
- Status
- Data leaked
- Country
- Bulgaria
- Sector
- Retail & Consumer
- Listed on leak site
- Sep 26, 2023
- Ransom demanded
- $15.000
About the victim
AI dossier — public-source company profileMyShoes (myshoes.bg) is a Bulgarian e-commerce retailer selling footwear, sandals, and accessories under brands including Lee Cooper, Bulldozer, Rider, Ipanema, and Grendha. The site operates in Bulgarian leva (BGN), euros (EUR), and Romanian leu (RON), suggesting a regional customer base across Bulgaria and neighbouring countries. The business operates physical stores in addition to its online shop.
- Industry
- Online Footwear & Accessories Retail
Attack summary
Severity: medium — Data has been disclosed as published and a ransom demand with an exfiltration threat is present, but no specific sensitive data categories (e.g. payment card data, medical records) have been confirmed, no data volume is stated, and no proof files are described.The Ransomed group claims to have exfiltrated data from MyShoes and threatens to publish all obtained information if a $15,000 ransom is not paid. No details of encryption or specific data categories were provided in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Customer data (unspecified)
- Business/internal data (unspecified)
What the group claims
We will leak all of the info we have on you if we dont get paid.We require a ransom of $15,000
Sources
- Victim sitemyshoes.bg
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

