Ransomware victim disclosure
← All victimsCHF Industries
listed as chfindustries.com · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Feb 24, 2025
- Ransom demanded
- $253.8M
- Estimated revenue
- $253.8M
About the victim
AI dossier — public-source company profileCHF Industries is a family-run household goods company founded in 2002, headquartered in New York City. The company curates and markets home-related brands and products, emphasizing work-life balance, charitable initiatives, and responsible sourcing practices. With $253.8M in revenue, it operates as a multi-brand portfolio in the consumer home goods sector.
- Industry
- Household Goods & Home Products
- Address
- 1 Park Ave Fl 9, New York City, New York, 10016, United States
- Founded
- 2002
Attack summary
Severity: critical — Confirmed exfiltration of sensitive data at scale including PII (passport scans, employee personal documents), financial records, proprietary manufacturing designs, and customer data. Large revenue company ($253.8M) with significant operational and reputational impact. Data published with multiple proof files demonstrating access.Cactus ransomware group claims to have exfiltrated and encrypted CHF Industries' data. The group has published evidence including personal identifiable information, corporate confidential documents, contracts, production designs, shipping data, employee personal documents, financial records, and customer documentation.
Data the group says was taken
AI dossier — extracted from the leak post- Personal identifiable information (PII)
- Passport scans and employee personal documents
- Corporate confidential documents and contracts
- Production documentation, drawings, and designs
- Shipping and logistics data
- Financial records and data
- Customer documentation
- Corporate correspondence
- Certified manufacturing partner agreements
The group's post references roughly 4 proof images proof files.
What the group claims
<p>Household Goods.<br><br>“Family-run since 2002, CHF is, at its heart, a community of people with a shared passion for enhancing home life. The company weaves that perspective into every aspect of business, from encouraging work-life balance for employees to creating workplace initiatives and charitable giving programs to help foster responsible working conditions, fair compensation, respect for human rights, and environmental stewardship.”<br><br>Website: <a href="https://www.chfindustries.com/">https://www.chfindustries.com/</a><br><br>Revenue : $253.8M<br><br>Address: 1 Park Ave Fl 9, New York City, New York, 10016, United States<br><br>Phone Number: (212) 951-7800<br><br><mark class="marker-yellow"><strong>Download link #1:</strong></mark> <a href="https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/CHFINDUSTRIES/PROOF/">https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/CHFINDUSTRIES/PROOF/</a><br><br><mark class="marker-yellow"><strong>Mirror:</strong></mark> <a href="https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CHFINDUSTRIES/PROOF/">https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CHFINDUSTRIES/PROOF/</a><br><br><mark class="marker-yellow"><strong>DATA DESCRIPTIONS:</strong></mark> Personal identifiable information, corporate confidential documents, contracts\agreements, production docs\drawings\designs, shipping data, employees personal documents, financial data, customer docs, corporate correspondence, etc.</p><p><img src="/uploads/passport_scan_89bc13afc8.png" alt="passport_scan.png"><img src="/uploads/Docs_DI_61000_Nishat_9756836dd9.png" alt="Docs_DI61000_Nishat.png"><img src="/uploads/CONFIDENTIAL_Ci_CLO_Certified_Manufacturing_Partners_08_2024_eff52d31fe.png" alt="CONFIDENTIAL CiCLO Certified Manufacturing Partners 08_2024.png"><img src="/uploads/CHF_Confidentiality_Agreement_f9bbdf919a.png" alt="CHF Confidentiality Agreement.png"><img src="/uploads/2025_
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

