Ransomware victim disclosure
← All victimsWangkanai Group
Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedFeb 24, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Thailand
- Listed on leak site
- Feb 24, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileWangkanai Group is a major Thai sugar manufacturer founded in 1975, with its original company Wangkanai Sugar Co., Ltd. established in Wangkanai District, Kanchanaburi Province. The group is one of Thailand's largest granulated sugar producers and has diversified into community health and youth sports development initiatives, including partnerships with FC Bayern Munich's youth program.
- Industry
- Sugar Manufacturing & Production
- Address
- Wangkanai District, Kanchanaburi Province, Thailand
- Founded
- 1975
Attack summary
Severity: medium — Confirmed encryption and exfiltration of large data volume (743 GB) from a significant manufacturing company, but no specific sensitive data categories (PII at scale, medical, financial regulatory data) explicitly confirmed in the post. The listing appears credible but proof files are not detailed.Ransomware group claims to have encrypted Wangkanai Group's systems and exfiltrated approximately 743 GB of corporate data. The group lists the attack under 'Encrypted' status with an action date of 19/12/2025, though the leak post itself appears to be a database compilation mixing multiple victims.
Data the group says was taken
AI dossier — extracted from the leak post- Internal database records
- Corporate files
- Business operations data
What the group claims
Wangkanai Group sugar business started in 1975 with the establishment of Wangkanai Sugar Co., Ltd. in Wangkanai Sub-district, Kanchanaburi Province. Wangkanai Group is currently one of Thailand’s largestsugar producers. Wangkanai Group is now the nation’s leading sugar producer, supplying raw sugar, white sugar, refined sugar, natural sugar, caramelized sugar and brown sugar to the local and global markets, with a total production capacity of approximately 100,000 tons of sugar cane daily.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

