Ransomware victim disclosure
← All victimsISCOT
listed as iscot.it · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 7, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Italy
- Sector
- Technology
- Listed on leak site
- Dec 7, 2025
About the victim
AI dossier — public-source company profileISCOT is an Italian company specialising in technical services for industrial enterprises, with over 40 years of experience. Its core offerings include industrial cleaning, industrial maintenance, industrial logistics, and facility management (hard and soft). The company operates with an integrated Quality, Environment, and Safety management model and serves clients across complex industrial plants and facilities.
- Industry
- Industrial Facility Management & Technical Services
Attack summary
Severity: high — Data has been confirmed published by LockBit, indicating successful exfiltration of potentially significant business data including client and employee information from an industrial services company operating across multiple facilities.LockBit claims to have attacked ISCOT and has published data (disclosed status: data_published), indicating exfiltration of company data. No specific ransom amount or data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Business operational data
- Client records
- Employee/personnel records
- Internal company documents
What the group claims
Chi siamo passato, presentee futuro Siamo una società che offre Servizi Tecnici per le imprese. Le n...
Sources
- Victim siteiscot.it
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

