Ransomware victim disclosure
← All victimsАврора (Aurora)
listed as avrora24.ru · Claimed by Lv · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Lv
- Status
- Data leaked
- Country
- Russia
- Sector
- Financial Services
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileAurora (Аврора) is a Russian pawn shop and used goods retailer operating a chain with over 100 branches. The company offers commission-based sales, trade-in programs, financing options, and a loyalty rewards program. They operate primarily through physical stores and online ordering with delivery services.
- Industry
- Pawn Shop & Used Goods Retail
Attack summary
Severity: high — Confirmed exfiltration of customer personal data at significant scale (755k+ individuals). While the specific data sensitivity is not fully detailed, customer records from a retail/financial services platform typically include PII and payment information, which triggers high severity despite no proof files being explicitly advertised.The Lv group claims to have exfiltrated data from Aurora, listing 755,369 customer records. The post does not specify what data categories were compromised or whether encryption occurred.
Data the group says was taken
AI dossier — extracted from the leak post- customer records (755,369 individuals)
- customer contact information
- transaction history
What the group claims
755369 клиентов,поддерживаем высокий уровень качества услуг - согласно проведенным исследованиям, индекс удовлетворенности наших клиентов NPS на уровне!Имеем более 100 филиалов.10 лет на рынке.130000$.
Sources
- Victim siteavrora24.ru
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

