Ransomware victim disclosure
← All victimsKHS&S
listed as KHSS (You have 3 days) · Claimed by Alphv · listed 2 years ago
Status timeline
- ListedFeb 21, 2024
- Data leakeddate unknown
At a glance
- Group
- Alphv
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Feb 21, 2024
About the victim
AI dossier — public-source company profileKHS&S is an international design-assist specialty building contractor that creates interiors, exteriors, prefabricated components, themed environments, and specialty finishes for major projects worldwide. Operating through six offices in Florida, Texas, and New Jersey, the company serves healthcare, aviation, gaming, venues, and themed construction markets. Ranked in ENR's Top-Ten Specialty Wall & Ceiling Contractors for 20+ years.
- Industry
- Specialty Construction Contracting
- Address
- Offices in Florida, Texas, and New Jersey (specific addresses not provided on public site)
Attack summary
Severity: medium — Data has been published (disclosed_status confirmed), but no specific sensitive data categories (PII at scale, financial records, trade secrets) are enumerated in the leak post. No proof file count is advertised. The company operates in construction/contracting with no critical infrastructure dependency stated.ALPHV claims to have attacked KHS&S and published data. The group's post reproduces the company's own mission statement regarding digital transformation in construction, consistent with data exfiltration. No specific data types or operational disruption are detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate documents
- Project files
- Internal communications
- Business records
What the group claims
KHS&S is transforming construction from a field-based industry to an industry of digital modeling, virtual project delivery, prefabrication and Lean construction. We are continuously rethinking how projects get built. Our focus is on creating project value, while remaining true to our corporate values that have driven us since our founding.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

