Ransomware victim disclosure
← All victimsKretek International
Claimed by Royal · listed 3 years ago
Status timeline
- ListedApr 7, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Retail & Consumer
- Listed on leak site
- Apr 7, 2023
- Data size
- 70 GB
About the victim
AI dossier — public-source company profileKretek International, Inc. is a leading importer, marketer, and distributor of specialty tobacco and related products to convenience, mass, and national retailers across the United States. The company operates under the kretek.com domain and distributes well-known brands including Djarum Filtered Cigars, Cuban Rounds, and Clipper accessories. It serves trade customers only and also operates subsidiaries or affiliates including Kretek Canada and Phillips & King.
- Industry
- Specialty Tobacco Import & Distribution
Attack summary
Severity: high — 70 GB of confirmed exfiltrated data includes PII (employee names and addresses), financial and payment information, and contracts; data has been marked for imminent publication, constituting a significant business and personal data exposure with no encryption-only limitation.The Royal ransomware group claims to have exfiltrated 70 GB of data from Kretek International and has announced imminent public release of the stolen data. The claimed data includes accounting and finance records, payment information, contracts, and employee personal information.
Data the group says was taken
AI dossier — extracted from the leak post- Accounting records
- Finance data
- Payment information
- Contracts
- Employee personal information
- Employee addresses
- Project information
What the group claims
Kretek International, Inc is a number one importer, marketer, and distributor of specialty tobacco products to convenience, mass, and national retailers in the US. We are going to distribute the data of 70GB size we got from them. We have accounting, finance data, payment information, contracts, personal information (employees' info, addresses etc.), information about their projects and so on.Release coming soon.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

