Ransomware victim disclosure
← All victimsRevitaLash Cosmetics
listed as revitalash.com\$21.5M\USA\1.2TB\<1% DISCLOSED · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 18, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States of America
- Sector
- Retail & Consumer
- Listed on leak site
- Feb 18, 2025
About the victim
AI dossier — public-source company profileRevitaLash is a cosmetics company operating in the beauty and personal care sector, primarily known for eyelash and eyebrow enhancement products sold through retail and online channels. The company operates under the domain revitalash.com and serves a consumer market.
- Industry
- Cosmetics & Beauty Products
Attack summary
Severity: high — Confirmed exfiltration of 1.2 TB of data with published proof samples; cosmetics companies typically hold significant customer PII, financial records, and proprietary product information. Operational encryption also claimed.Cactus ransomware group claims to have encrypted systems and exfiltrated approximately 1.2 TB of company data. The group has published less than 1% of the stolen data as proof of the breach.
Data the group says was taken
AI dossier — extracted from the leak post- business records
- customer data
- financial information
- proprietary formulations
Sources
- Victim siterevitalash.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

