Ransomware victim disclosure

Gulf Energy Maritime

Claimed by raworld · listed 2 years ago

18m

Age

since listed · data leaked

Status timeline

Listed
Nov 23, 2024
Data leaked

At a glance

Group: raworld
Status: Data leaked
Country: UAE
Sector: Energy
Listed on leak site: Nov 23, 2024

About the victim

AI dossier — public-source company profile

Gulf Energy Maritime (GEM) is an independent product and chemical tanker operator based in Dubai, UAE, specializing in maritime transportation of crude oil, petroleum products, and chemicals. The company operates a fleet of 12 vessels including LR1 and MR-class tankers, serving major oil companies, refiners, and traders globally with a focus on high safety and quality standards.

Industry: Maritime Shipping & Energy Transportation
Address: Third Floor, Office 5EA 301, Dubai Airport Freezone, P.O. Box 855, Dubai, United Arab Emirates

Attack summary

Severity: medium — Confirmed data publication by threat actor against operational maritime/energy company with potential access to business systems; however, no specific sensitive data categories are detailed in the disclosure, and no proof files are referenced in the truncated post.

The raworld group claims to have compromised Gulf Energy Maritime's systems. The post indicates data has been published, though specific details about exfiltration versus encryption, or the nature of exposed data, are not explicitly stated in the available disclosure.

medium

Original description

AI-summarised, not from the leak post

Gulf Energy Maritime is a prominent maritime shipping company based in the United Arab Emirates. It specializes in the transportation of crude oil, petroleum products, and chemicals. The company operates a modern fleet of tankers, ensuring safe and efficient delivery while adhering to high environmental and safety standards. It plays a critical role in the global energy supply chain.

Sources

Victim sitegemships.com
Leak posthttp://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion/post/4219.html

Source

Indexed 2 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About raworld

Raworld is a relatively new ransomware group that emerged in May 2023, operating with primarily financial motivations and demonstrating a broad international targeting approach. The group's origin and specific affiliations remain unclear based on publicly available information, though their targeting patterns suggest they may operate independently rather than as part of a larger ransomware-as-a-service ecosystem. Limited public documentation exists regarding their specific attack methodologies, though their victim profile spanning multiple sectors including business services, technology, manufacturing, and healthcare suggests they likely employ opportunistic targeting rather than highly specialized initial access vectors. With 112 documented victims across major economies including Germany, the United States, United Kingdom, France, and Italy, Raworld has demonstrated significant operational capability despite their recent emergence, though specific details about notable high-profile attacks or law enforcement disruption efforts have not been widely reported by major threat intelligence organizations. As of current reporting, the group appears to remain active, though the limited public intelligence available makes definitive assessment of their operational status challenging. The group has been linked to 112 public disclosures across our corpus. First observed on a leak site on May 6, 2023; most recent post December 28, 2024. The operation is currently inactive.

Timeline of this disclosure

November 23, 2024Gulf Energy Maritime listed by raworldon the group's public leak site

Other recent disclosures by raworld

raworld has been linked to 112 public victims on Darkfield. A sample of the most recent:

Watertown Public SchoolsEducation · United States · December 28, 2024