Ransomware victim disclosure
← All victimsGKS Hydraulik
Claimed by Royal · listed 3 years ago
Status timeline
- ListedApr 22, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- Germany
- Sector
- Manufacturing
- Listed on leak site
- Apr 22, 2023
- Ransom demanded
- $1M
About the victim
AI dossier — public-source company profileGKS Hydraulik GmbH & Co. KG is a small German company based in Kressbronn am Bodensee specialising in the planning, manufacturing, and assembly of custom hydraulic aggregates, as well as hydraulic service (repair, maintenance, and overhaul) and wholesale distribution of hydraulic components. Founded in 1976, the company serves industrial clients in the Lake Constance region and acts as a distribution partner for brands including Bosch Rexroth, Danfoss, Enerpac, and Hydac.
- Industry
- Hydraulic Systems Manufacturing & Wholesale
- Address
- Im Heidach 3, 88079 Kressbronn am Bodensee, Baden-Württemberg, Germany
- Employees
- 11-20
- Founded
- 1976
Attack summary
Severity: high — Data has been confirmed published by the threat actor, indicating successful exfiltration; the $1M ransom demand and data publication for a small SME suggests significant business data exposure, though no large-scale regulated PII (medical, government) evidence is present.The Royal ransomware group claims to have attacked GKS Hydraulik and has published data (disclosed status: data_published), demanding a $1 million ransom. No specific data volume is stated, but the publication of data implies exfiltration of company files.
Data the group says was taken
AI dossier — extracted from the leak post- Company business data
- Potentially financial records
- Potentially employee records
- Potentially customer/partner records
What the group claims
GKS Hydraulik is a company that operates in the Wholesale industry. It employs 11-20 people and has $1M-$5M of revenue. The company is headquartered in Kressbronn Am Bodensee, Baden-Wuerttemberg, Germany.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

