Ransomware victim disclosure
← All victimsHOE Pharmaceuticals Sdn Bhd
Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedJan 22, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Malaysia
- Sector
- Healthcare
- Listed on leak site
- Jan 22, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileHOE Pharmaceuticals Sdn Bhd is a pharmaceutical company operating in Malaysia. Based on the domain hoepharma.com.my, the company appears to be engaged in pharmaceutical distribution or manufacturing, though specific details about scale and operational scope are limited from available sources.
- Industry
- Pharmaceuticals & Healthcare
Attack summary
Severity: high — Confirmed exfiltration of 743 GB of data from a pharmaceutical company (healthcare sector with regulated data handling requirements). The substantial data volume and healthcare industry classification indicate significant business and potentially sensitive information exposure, even without visibility into specific data categories.Ransomhouse claims to have encrypted HOE Pharmaceuticals' systems and exfiltrated approximately 743 GB of company data. The group has published the victim on their leak site under 'data_published' status, indicating both encryption and data theft.
Data the group says was taken
AI dossier — extracted from the leak post- company files and databases
- business records
- operational data
What the group claims
HHOE Pharmaceuticals was founded in 1979. From our humble beginning, we have provided high quality products with affordable price. Our product range have expanded over the years through innovation. Combined with strong commitments to our customers, we set the standards that have ingrained in our culture and practices. We have been focusing on dermatological products since those early days. Now, we have transformed the company into a modern, dynamic force with an objective of becoming one of the leading suppliers of dermatological products in the world. In order to facilitate this growth, we have invested significantly in the state of art manufacturing processes and our adherence to Good Manufacturing Practice (GMP) which is recognized by international bodies including Members of Pharmaceuticals Inspection Co-operation Scheme (PIC/S). Now, we export to more than 20 countries and have fulfilled the stringent requirements imposed from those countries on all imported pharmaceutical and cosmetic products
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

