Ransomware victim disclosure
← All victimsKNOBEL Bau-Gruppe
listed as knobel-bau.de · Claimed by Safepay · listed 9 days ago
Status timeline
- ListedJul 6, 2026
- Data leakeddate unknown
At a glance
- Group
- Safepay
- Status
- Data leaked
- Country
- Germany
- Sector
- Construction
- Listed on leak site
- Jul 6, 2026
About the victim
AI dossier — public-source company profileKNOBEL Bau-Gruppe is a family-owned construction company founded in 1947 based in Hartheim am Rhein, Germany. Operating for over 75 years, the company specializes in civil engineering, road construction, pipeline work, earthworks, paving, demolition, and recycling. With approximately 140 employees, they operate integrated operations including gravel extraction, asphalt production, and material recycling across the tri-border region (Germany-France-Switzerland).
- Industry
- Civil Engineering & Construction (Heavy Infrastructure)
- Address
- Freiburger Straße 33, 79258 Hartheim am Rhein, Germany
- Employees
- 140
- Founded
- 1947
Attack summary
Severity: low — No confirmed exfiltration details, data categories, or proof files are described in the accessible leak post. The disclosure appears to be a listing/announcement only without substantive evidence of data compromise or operational disruption.The SafePay ransomware group claims to have attacked KNOBEL Bau-Gruppe. The leak post provides minimal detail on attack scope; no specific data categories or operational impact are disclosed in the available excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- business records
- employee information
- operational/project data
What the group claims
Founded in 1947, the company has grown from a small sand and gravel business established after the Second World War …
Sources
Source
Indexed 9 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

