Ransomware victim disclosure
← All victimsThe commune of Castries
Claimed by Payload · listed 6 days ago
Status timeline
- ListedJul 9, 2026
- Data leakeddate unknown
At a glance
- Group
- Payload
- Status
- Data leaked
- Country
- France
- Sector
- Public Sector
- Listed on leak site
- Jul 9, 2026
About the victim
AI dossier — public-source company profileThe commune of Castries is a municipality in southern France, located near Montpellier in the Hérault region. It serves as the local government body providing municipal services, civic engagement, cultural programming, and administrative services (civil status, permits, heritage management) to residents of this historic town known for its 17th-century château.
- Industry
- Public Sector - Municipal Government
Attack summary
Severity: medium — Public sector municipal entity with potential access to resident records (civil status, permits, services), but no proof of significant data exfiltration is documented. Encrypted systems could disrupt municipal operations and citizen access to services. Severity moderated by absence of evidence of sensitive data mass exfiltration.The Payload ransomware group claims to have compromised the Castries municipal website and infrastructure. No specific data exfiltration or operational impact is detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Municipal administrative records
- Citizen services databases
- Municipal council documentation
- Website data
What the group claims
The commune of Castries is a picturesque, historic town in the south of France, renowned for its majestic 17th-century château and unique aqueduct. The city's official website (castries.fr) provides visitors and locals with the latest news, cultural event schedules, and tourism information. Additionally, the portal serves as a convenient digital platform for residents to access municipal services and connect with the town hall.
Sources
Source
Indexed 6 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

