Ransomware victim disclosure
← All victimsNEI General Contracting
listed as neigc.com · Claimed by Abyss · listed 2 years ago
Status timeline
- ListedMar 11, 2024
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Mar 11, 2024
- Data size
- 2.9 TB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileNEI General Contracting is a construction company operating in Massachusetts and Florida that specializes in residential, healthcare, hospitality, and historic building projects. The company focuses on affordable housing, multi-family developments, and adaptive reuse projects across multiple regional offices.
- Industry
- General Contracting & Construction
Attack summary
Severity: high — Confirmed exfiltration of 2.9 TB of business data from a construction firm; likely includes employee PII, financial records, and sensitive project information. Data is published and accessible on Tor sites.The Abyss group claims to have exfiltrated 2.9 TB of data from NEI General Contracting. The post aggregates multiple victim companies with their allegedly stolen data packaged and published on Tor sites with password-protected archives.
Data the group says was taken
AI dossier — extracted from the leak post- Employee records
- Project files
- Financial documents
- Client information
- Contractor/subcontractor data
- Bid and estimate documentation
What the group claims
neigc.com 2.9Tb uncompressed data
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim siteneigc.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

