Ransomware victim disclosure
← All victimsNorthern Response International
listed as northernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 17, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- Canada
- Sector
- Business Services
- Listed on leak site
- Feb 17, 2025
About the victim
AI dossier — public-source company profileNorthern Response International is a world leader in direct response, home shopping, and retail product distribution. Operating for over 25 years, the company handles licensing and distribution of infomercials, DRTV spots, and product placement through five sales divisions, serving over 90 countries. Based in Richmond Hill, Toronto, with a US office in New York.
- Industry
- Direct Response Marketing & Product Distribution
- Address
- 50 Staples Avenue, Richmond Hill, Toronto, Ontario, Canada L4B 0A7
Attack summary
Severity: high — Confirmed exfiltration and complete disclosure of 366 GB of business data from a major international distribution company. Significant operational and commercial damage likely from exposure of client lists, product placement strategies, and internal business records.Cactus ransomware group claims to have compromised Northern Response International and disclosed 366 GB of data. The disclosure status is marked as 100% disclosed, indicating complete publication of exfiltrated files.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate communications
- Client information
- Product distribution records
- Business operations data
- Internal company files
Sources
- Victim sitenorthernresponse.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

