Ransomware victim disclosure
← All victimssa.global
listed as Saglobal.com · Claimed by Redransomware · listed 2 years ago
Status timeline
- ListedMar 28, 2024
- Data leakeddate unknown
At a glance
- Group
- Redransomware
- Status
- Data leaked
- Country
- Belgium
- Sector
- Business Services
- Listed on leak site
- Mar 28, 2024
About the victim
AI dossier — public-source company profilesa.global is a Microsoft global implementation partner specializing in project-based cloud ERP solutions for service-centric organizations. They deliver Dynamics 365 implementations, custom cloud applications (HomebuilderONE, ReQlogic), and managed services including migrations, upgrades, and consulting across finance, HR, and project management domains.
- Industry
- Enterprise Software & Consulting - Microsoft Cloud Solutions
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed_status: data_published), indicating confirmed exfiltration. However, the post offers no detail on data scope, sensitivity, or proof artifacts. The victim is a B2B software/consulting firm (not a major regulated entity), so while client data exposure is concerning, the impact appears moderate without evidence of large-scale PII or critical regulatory data.Redransomware claims to have attacked sa.global and published data. The group's leak post references the company's Microsoft ERP implementation services but provides no specific detail on what data was exfiltrated or whether encryption occurred.
Data the group says was taken
AI dossier — extracted from the leak post- Client project data
- Business application configurations
- Implementation records
What the group claims
sa.global is the leading Microsoft global implementation partner for project-based cloud ERP solutions that leverage the Microsoft Cloud
Sources
- Victim sitesaglobal.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

