Ransomware victim disclosure
← All victimsRavagnan S.p.A.
listed as ravagnan.com · Claimed by Lockbit5 · listed 4 days ago
Status timeline
- ListedJul 11, 2026
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileRavagnan S.p.A. is an Italian industrial equipment manufacturer with over 60 years of experience. The company designs, manufactures and installs integrated systems for major industrial groups worldwide, specializing in heat exchangers, pressure vessels, reactors, waste heat boilers, and complete industrial plant solutions for steel, chemical, petrochemical, food and civil sectors. With 265 employees and significant production capacity (3,500 tonnes of steel processed daily), it operates divisions in Caldareria (boilers) and Impianti (industrial systems).
- Industry
- Industrial Equipment Manufacturing & Engineering (Heat Exchangers, Pressure Vessels, Industrial Systems)
- Address
- via XXV Aprile, 35010 Limena (Pd), Italy
- Employees
- 265
Attack summary
Severity: high — Confirmed ransomware compromise with data exfiltration of a manufacturing firm serving critical industrial sectors (petrochemical, steel, chemical). Operational disruption to a company with significant production capacity and international client base poses supply-chain risk. No proof files detailed in truncated post, but published status and scale of operation elevate severity.LockBit5 claims to have compromised Ravagnan S.p.A. and encrypted its systems. The group indicates data exfiltration has occurred but does not specify the nature or volume of data taken in the truncated leak post provided.
Data the group says was taken
AI dossier — extracted from the leak post- Technical design documentation
- Project specifications and blueprints
- Client project records
- Internal business systems
- Industrial plant data
What the group claims
the RAVAGNAN GROUP employs about 250 people in Italy, and many more in Latin America. E’ specialized...
Sources
Source
Indexed 4 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

