Ransomware victim disclosure
Primed Halberstadt Medizintechnik GmbH
listed as Primed Halberstadt Medizintechnik · Claimed by Aurora · listed 3 days ago
Status timeline
- Listed: Jun 30, 2026
- Data leaked: date unknown
At a glance
- Group: Aurora
- Status: Data leaked
- Country: Germany
- Sector: Healthcare
- Listed on leak site: Jun 30, 2026
About the victim
AI dossier — public-source company profile
Primed Halberstadt Medizintechnik GmbH is a German manufacturer of medical devices founded in 1946, now owned by PE-backed PP Medtech group (Wiesmann & Co. KG). The company operates a Czech subsidiary and manufactures medical equipment with documented production processes.
- Industry: Medical Device Manufacturing
- Employees: 289
- Founded: 1946
Attack summary
Severity: critical — Confirmed exfiltration of sensitive regulated data at scale: employee PII (289 home directories), payroll/tax records (LODAS), banking credentials and transfers, production/IP data, and healthcare company operational systems. PE-backed medical device manufacturer with multi-jurisdictional exposure. Data published without ransom suggests deliberate disclosure.
The Aurora group claims to have exfiltrated four complete server volumes totalling approximately 2.0 TB, including employee directories, enterprise resource planning systems, banking credentials, payroll data, accounting records, and scanned employee documents. No encryption or operational disruption is mentioned.
Data the group says was taken
AI dossier — extracted from the leak post
- 289 employee home directories
- Czech subsidiary operational data
- Production processes and machine configurations
- Apollo ERP system database
- Banking credentials (8 accounts)
- Complete database backup (100.6 GB, June 2026)
- Product images
- DATEV accounting data (115+ directories)
- LODAS payroll records
- Bank transfer records
- DMS document exports
- 51+ employee DMS mailboxes (scanned)
What the group claims
[manufacturer] *** GmbH — a German manufacturer of medical devices founded in 1946 and now part of the PE-backed PP Medtech group (Wiesmann & Co. KG). The exfiltration captured four entire server volumes:
- Daten (883 GB) — File server: 289 employee home directories (547 GB), Czech subsidiary data (66 GB), production processes (162 GB), machine configurations (81 GB)
- EE (807 GB) — Enterprise system: Apollo ERP, VBANK banking (8 accounts), complete database backup (100.6 GB, dated June 3), product images
- WINDVSW1 (344 GB) — Windows server: DATEV accounting (115+ data directories including LODAS payroll), bank transfers, DMS exports
- dmsscan (12 GB) — Scanned documents from 51+ employee DMS mailboxes
A database backup (spiel.zip.001–010, 100.6 GB) was created on 2026-06-03
Sources
Indexed 3 days ago
This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

