Ransomware victim disclosure
← All victimsVOP CZ, s.p.
listed as [File Tree and Full Data Dump]VOP CZ · Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedOct 28, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Czech Republic
- Listed on leak site
- Oct 28, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileVOP CZ, s.p. is a Czech state-owned defence and engineering company specializing in military vehicle repair, overhaul, and production. The company manufactures and maintains armoured vehicles (including Bushmaster and Leopard 2A4 tanks), provides welding and mechanical engineering services, and operates calibration laboratories. It serves the Czech Armed Forces and NATO allies.
- Industry
- Defence & Military Manufacturing; Armoured Vehicle Repair & Production
- Address
- Dukelská 102, 742 42 Šenov u Nového Jičína, Czech Republic
Attack summary
Severity: critical — VOP CZ is a critical defence contractor supplying NATO-aligned military equipment and repair services to Czech Armed Forces. Encryption of systems and exfiltration of 743 GB of data—potentially including armoured vehicle specifications, repair protocols, or military procurement details—poses direct threat to national security and operational military capability.Ransomware group Ransomhouse claims to have encrypted VOP CZ's systems. The group advertises a 743 GB data dump as evidence of exfiltration, alongside multiple other claimed victims (global cybersecurity, automotive, energy, battery, textile, and logistics firms, plus a US sheriff's office).
Data the group says was taken
AI dossier — extracted from the leak post- Operational and technical documentation
- Defence/military project files
- Engineering schematics and specifications
- Business records and communications
What the group claims
VOP CZ, s.p. is an enterprise fully owned by the Ministry of Defence of the Czech Republic and specialising in military technology, machine production and development.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

