Ransomware victim disclosure
← All victimsPC AfterHours
Claimed by Blacklock · listed 1 year ago
Status timeline
- ListedMay 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Blacklock
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- May 16, 2025
- Records
- 25 Employees
- Ransom demanded
- $5M
About the victim
AI dossier — public-source company profilePC AfterHours is a small IT support firm based in Minneapolis, Minnesota, offering technical services for Windows computers and networks, including maintenance, repair, hardware/software installation, virus protection, managed services, data recovery, and consulting. They serve small businesses and nonprofits across Minnesota with both remote and on-site support.
- Industry
- Information Technology Services & Technical Support
- Address
- 2801 21st Avenue South, Suite 145, Minneapolis, MN 55407, United States
- Employees
- <25
Attack summary
Severity: medium — Confirmed data exfiltration by a known ransomware operator with $5M ransom demand; however, the victim is a small IT services firm (likely <25 employees, <$5M revenue) with no indication of regulated/sensitive data at scale or critical infrastructure impact. Data exposure is moderate in scope and sensitivity.The BlackLock ransomware group claims to have encrypted PC AfterHours' systems and exfiltrated data. The group demands $5M ransom and has published the victim on their leak site, indicating data exfiltration as part of the attack.
Data the group says was taken
AI dossier — extracted from the leak post- client contact information
- service records
- business correspondence
- technical documentation
- customer data
What the group claims
Consumer Services · Minnesota, United States. PC-AfterHours offers a variety of technical support services for Windows based computers and networks. < 25 Employees Revenue < $5 Million
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

