Ransomware victim disclosure
← All victimsAJU Pharm Co., Ltd.
Claimed by Beast · listed 2 months ago
Status timeline
- ListedMay 17, 2026
- Data leakeddate unknown
At a glance
- Group
- Beast
- Status
- Data leaked
- Country
- South Korea
- Listed on leak site
- May 17, 2026
- Ransom demanded
- $23.83
About the victim
AI dossier — public-source company profileAJU Pharm Co., Ltd. is a South Korean total healthcare company founded in 1953. Over more than 70 years it has evolved from a raw materials manufacturer into a global pharmaceutical group. Its portfolio spans prescription drugs, medical devices, and health supplements.
- Industry
- Pharmaceuticals & Healthcare
- Founded
- 1953
Attack summary
Severity: high — Data has been confirmed as published by the threat actor against a pharmaceutical and healthcare company, which likely holds regulated PII, proprietary drug formulations, and health-related records. The 'data_published' status elevates this beyond a mere listing.The Beast ransomware group claims to have published data exfiltrated from AJU Pharm Co., Ltd., indicating the disclosure status is 'data_published'. No specific ransom demand or data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Pharmaceutical business data
- Medical device records
- Health supplement product data
What the group claims
A prominent South Korean total healthcare company founded in 1953. For over 70 years, it has evolved from a manufacturer of raw materials into a global pharmaceutical group specializing in prescription drugs, medical devices, and health supplements.
The leak post
captured from the group's siteAJU Pharm Co., Ltd. is a prominent South Korean total healthcare company founded in 1953. For over 70 years, it has evolved from a manufacturer of raw materials into a global pharmaceutical group specializing in prescription drugs, medical devices, and health supplements P U B L I S H E D
Screenshot of the leak post

Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

