Ransomware victim disclosure
← All victimsKHS&S
listed as KHSS (You have 3 days) · Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedFeb 21, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Feb 21, 2024
About the victim
AI dossier — public-source company profileKHS&S is an international design-assist specialty building contractor that creates interiors, exteriors, prefabricated components, and themed environments for major projects. Operating through six offices in Florida, Texas, and New Jersey, the company serves healthcare, aviation, gaming, themed construction, and venue markets. They have been ranked a Top-Ten Specialty Wall & Ceiling Contractor by ENR for the past 20 years.
- Industry
- Specialty Construction & Building Contractor
- Address
- Multiple offices in Florida, Texas, and New Jersey (specific headquarters address not stated)
Attack summary
Severity: low — No proof files, screenshots, or data samples are advertised. No specific data types or operational impact are claimed. The victim is only listed with a generic deadline threat ('3 days'). Without evidence of exfiltration or encryption impact, this appears to be a listing-only announcement.ALPHV claims to have compromised KHS&S. The leak post does not specify whether data was exfiltrated, encrypted, or both, nor does it detail the scope or nature of data at stake.
What the group claims
KHS&S is transforming construction from a field-based industry to an industry of digital modeling, virtual project delivery, prefabrication and Lean construction. We are continuously rethinking how projects get built. Our focus is on creating project value, while remaining true to our corporate values that have driven us since our founding.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

