Ransomware victim disclosure
← All victimsRuhrpumpen
Claimed by Royal · listed 4 years ago
Status timeline
- ListedJan 12, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- Germany
- Sector
- Manufacturing
- Listed on leak site
- Jan 12, 2023
About the victim
AI dossier — public-source company profileRuhrpumpen Group is a global manufacturer of highly engineered and standard pumping solutions, serving markets including oil and gas, offshore, power generation, industrial, chemical, water and wastewater, and mining. The company operates multiple facilities worldwide and offers a broad product portfolio including between-bearing pumps, vertical pumps, magnetic drive pumps, and fire systems. Headquartered in Germany, Ruhrpumpen also provides services such as spare parts, retrofit engineering, and training centers.
- Industry
- Industrial Pump Manufacturing
- Employees
- 1001-5000
- Founded
- 1945
Attack summary
Severity: high — Confirmed exfiltration and publication of data including passport/identity documents (PII) and financial records constitutes significant sensitive data exposure; passports represent regulated personal identity data raising severity, though scale of affected individuals is not quantified.The Royal ransomware group claims to have exfiltrated data from Ruhrpumpen and published a proof pack containing passports, financial records, and internal documents, indicating confirmed data exfiltration with sensitive employee and corporate information at stake.
Data the group says was taken
AI dossier — extracted from the leak post- Passport documents
- Financial records
- Internal business documents
What the group claims
PROOF PACK - Passports \ Finance \ Internal documents
Sources
- Victim siteruhrpumpen.com
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

