Ransomware victim disclosure
← All victimsАМАКС Сити-отель (AMAKS City Hotel)
listed as krasnoyarsk.amaks · Claimed by Werewolves · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Werewolves
- Status
- Data leaked
- Country
- Russia
- Sector
- Hospitality
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileАМАКС Сити-отель is a 15-story business-class hotel located in Krasnoyarsk, Russia, part of the AMAKS Hotels & Resorts chain. It operates as a modern hospitality establishment serving business and leisure guests.
- Industry
- Hospitality & Hotels
- Address
- Krasnoyarsk, Russia
Attack summary
Severity: high — Confirmed exfiltration of significant volume (1+ TB) of customer data from hospitality provider; customer PII exposure is material even without enumerated proof files published yet.The Werewolves group claims to have exfiltrated over 1 terabyte of customer data from the hotel due to inadequate information security practices. The group states customer data was not properly protected despite centralized antivirus policy on hosts.
Data the group says was taken
AI dossier — extracted from the leak post- customer personal data
- guest records
What the group claims
«АМАКС Сити-отель» - современный пятнадцатиэтажный бизнес-комплекс, который входит в гостиничную сеть AMAKS Hotels&Resorts.У отеля проблемы с информационной безопасностью.Не смотря на то,что в целом присутствует централизованная политика управления антивирусным решением на хостах,данные клиентов не защищены.Более 1 террабайта данных будут опубликованы для всех желающих на зеркалах в сети TOR.
Sources
- Victim sitekrasnoyarsk.amaks
- Leak posthttps://werewolves.pro/en/acac.html
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

