Ransomware victim disclosure
← All victimsAl-Mohamel for Facilities Management (MAFAS)
listed as MAFAS.COM · Claimed by Clop · listed 8 months ago
Status timeline
- ListedNov 21, 2025
- Data leakeddate unknown
At a glance
- Group
- Clop
- Status
- Data leaked
- Listed on leak site
- Nov 21, 2025
About the victim
AI dossier — public-source company profileAl-Mohamel (MAFAS) is a Saudi Arabian facilities management company providing integrated services including maintenance, operations, engineering, cleaning, pest control, landscaping, and security services to commercial buildings, shopping centers, banks, hospitals, and residential complexes across Saudi Arabia. The company is ISO-certified and registered with Saudi Aramco.
- Industry
- Facilities Management & Building Services
- Founded
- 1999
Attack summary
Severity: medium — Data has been published by the group (disclosed status confirmed), indicating successful exfiltration. However, no specific sensitive data categories, proof file count, or operational impact details are documented in the available materials. The company handles facility management for sensitive sectors (banks, hospitals) which elevates concern, but without confirmed details of what was exfiltrated, severity remains medium.The Clop ransomware group claims to have breached and published data from MAFAS. No specific operational details about encryption or exfiltration methods are provided in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- company records
- client information
- operational data
Original description
AI-summarised, not from the leak postN/A
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

