Ransomware victim disclosure
← All victimsQuick Frames USA
Claimed by Blacklock · listed 1 year ago
Status timeline
- ListedMay 28, 2025
- Data leakeddate unknown
At a glance
- Group
- Blacklock
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- May 28, 2025
- Records
- 25 Employees
- Ransom demanded
- $5M
About the victim
AI dossier — public-source company profileQuickFrames, a Simpson Strong-Tie division, manufactures pre-engineered, adjustable steel frame systems for commercial construction applications. The company specializes in bolt-in roof and floor frames designed to provide structural support for HVAC and MEP openings without requiring welding. Based in Arizona with fewer than 25 employees.
- Industry
- Structural Steel Components Manufacturing for Commercial Construction
- Address
- Arizona, United States
- Employees
- <25
Attack summary
Severity: medium — Confirmed data publication by ransomware operator with $5M ransom demand suggests exfiltration of business data, but the specific sensitivity/scale of exposed data is unclear from the available post excerpt. No regulated data categories (PII at scale, medical, financial) are explicitly mentioned.BlackLock claims to have exfiltrated data from QuickFrames. The group published data and is demanding a $5M ransom, though specific details about what data categories were compromised are not stated in the available post excerpt.
What the group claims
Internet Service Providers, Website Hosting & Internet-related Services Arizona, United States <25 Employees QuickFrames specializes in manufacturing innovative steel components for the commercial construction industry, offering products like bolt-in and drop-in roof frames. Revenue <$5 Million
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

