Ransomware victim disclosure
← All victimsIrwin Car and Equipment
listed as Irwin Car · Claimed by Payoutsking · listed 8 months ago
Status timeline
- ListedNov 11, 2025
- Data leakeddate unknown
At a glance
- Group
- Payoutsking
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Nov 11, 2025
About the victim
AI dossier — public-source company profileIrwin Car and Equipment is a US-based manufacturer of heavy-duty material handling equipment with a 120-year history. They specialize in custom mining cars, conveyor cars, tunneling cars, and rail products for the metals, mining, tunneling, energy, and transportation industries, operating multiple locations across the United States.
- Industry
- Heavy-Duty Material Handling Equipment Manufacturing
- Founded
- 1904
Attack summary
Severity: low — Only listing/announcement with no proof files, no data inventory details, no confirmation of exfiltration or encryption, and no operational impact stated.The ransomware group claims to have attacked Irwin Car and Equipment. No specific details are provided about what data was exfiltrated or encrypted, nor is any proof of the attack published in the leak post excerpt.
Original description
AI-summarised, not from the leak postIrwin Car and Equipment is a manufacturing company specialized in the production of heavy-duty material handling equipment. They create custom mining cars, conveyor cars, tunneling cars and more. It aids various industries, including mining and tunneling, in improving their efficiency and safety. The company is based in the USA and is recognized for its innovative and durable equipment.
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

