Ransomware victim disclosure
← All victimsCasa Botas
listed as casabotas.es · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileCasa Botas is a Spanish company specialising in the extraction, processing, and commercialisation of seafood products, including fresh and frozen fish, shellfish, and cephalopods. The company sources directly from local and national fishing fleets operating in major fishing grounds worldwide and manages a full value chain from catch to distribution. It is based in Spain (phone prefix +34 986, indicating Galicia) and emphasises food safety, quality control, and sustainable fishing practices.
- Industry
- Seafood Harvesting, Processing & Distribution
Attack summary
Severity: high — Data has been published by LockBit, confirming exfiltration and public disclosure of company data. While no regulated personal data (e.g. medical or government) is explicitly identified, a seafood processing and distribution company would hold supplier contracts, customer PII, financial records, and trade data, making confirmed data publication a high-severity event.LockBit claims to have attacked Casa Botas and has published data (disclosed status: data_published), indicating exfiltration of company data; no ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Business operational data
- Client/customer records
- Supply chain and procurement documents
- Internal company communications
- Financial records (inferred)
What the group claims
We are one of the oldest and most experienced companies in the catching, production, and sale of sea...
Sources
- Victim sitecasabotas.es
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

