Ransomware victim disclosure
← All victimsRamey Wine Cellars
listed as rameywine.com · Claimed by Abyss · listed 2 years ago
Status timeline
- ListedMar 29, 2024
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Mar 29, 2024
- Data size
- 61 GB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileRamey Wine Cellars is a boutique winery located in Healdsburg, California, specializing in premium Chardonnay, Pinot Noir, Cabernet Sauvignon, and Syrah sourced from top vineyards in Sonoma and Napa. The company operates a wine club and tasting room by appointment.
- Industry
- Wine Production & Retail
- Address
- 25 Healdsburg Ave, Healdsburg, CA 95448
Attack summary
Severity: medium — Confirmed exfiltration of 61 GB with data published, but no explicit evidence of regulated/sensitive data types (PII at scale, medical, financial compliance data) specific to a wine retailer. No operational disruption claimed.The Abyss group claims to have exfiltrated 61 GB of data from Ramey Wine Cellars. The leak post lists the company alongside multiple other victim organizations but provides no specific details about what data was stolen or whether systems were encrypted.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Customer information
- Wine club member data
- Financial records
What the group claims
rameywine.com 61Gb uncompressed data
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim siterameywine.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

