Ransomware victim disclosure
← All victimsTÜV NORD
listed as TUV India Pvt. Ltd. · Claimed by Ransomhouse · listed 1 year ago
Status timeline
- ListedMar 13, 2025
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- India
- Sector
- Technology
- Listed on leak site
- Mar 13, 2025
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileTÜV NORD is a global testing, inspection, and certification (TIC) organization with headquarters in Hannover, Germany. It operates a worldwide network of service centers across Europe, Asia-Pacific, Africa, and the Americas, providing technical and management services to multiple sectors.
- Industry
- Conformity Assessment, Testing & Certification
- Address
- Am TÜV 1, 30519 Hannover, Germany
Attack summary
Severity: medium — TÜV NORD is a large, globally-operating certification body whose compromise could impact client trust and regulatory processes. However, the leak post provides no specific evidence of data exfiltration, proof files, or details of what was accessed—only an encryption claim. No sensitive data (PII, financial records, etc.) is confirmed to have been published.Ransomhouse claims to have encrypted TÜV NORD's systems. The leak post is a database listing multiple victim companies; the group does not specify which data was exfiltrated from TÜV NORD or the nature of the exposure.
Data the group says was taken
AI dossier — extracted from the leak post- Company databases
- Internal systems
What the group claims
TUV India offers a comprehensive & diverse range of technical services to its large clientele of several thousand customers that includes leading corporate houses, public sector organizations, and medium and small scale enterprises.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

