Ransomware victim disclosure
← All victimsatol.ru
Claimed by Lv · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Lv
- Status
- Data leaked
- Country
- Russia
- Sector
- Technology
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileАТОЛ (ATOL) is a leading Russian IT company that develops hardware and software for automation across retail, e-commerce, services (including HoReCa), transport, and utilities. Their flagship cloud service 'АТОЛ Онлайн' is a major Cash-as-a-Service (KaaS) solution in the Russian market, and they also supply POS equipment and warehouse automation solutions.
- Industry
- Point-of-Sale (POS) Systems & Retail Automation Software
Attack summary
Severity: critical — Confirmed exfiltration of customer data and personal information from a major infrastructure-critical vendor (POS/payment systems used across Russian retail and services); operational risk to downstream customers and scale of exposure justifies critical classification.The Lv group claims to have compromised database servers and exfiltrated customer data, software code, and personal data from ATOL. A ransom demand of $450,000 is stated for non-publication and deletion of all compromised information.
Data the group says was taken
AI dossier — extracted from the leak post- Customer data
- Personal data (employees/users)
- Proprietary software code
- Database contents
What the group claims
АТОЛ – IT-компания, ведущий российский производитель оборудования и разработчик программного обеспечения для автоматизации таких сфер как ритейл, e-commerce, услуги, включая HoReCa, транспорт, ЖКХ и многое другое.Облачный сервис компании, «АТОЛ Онлайн», является первым и одним из самых крупных в РФ среди KaaS-решений («касса как сервис») по занимаемой доле рынка. Также АТОЛ поставляет POS-оборудование и решения для автоматизации склада. Сервера баз данных скомпрометированы.Данные клиентов,программное обеспечение,персональные данные похищены.Стоимость не публикации и удаления всей скомпрометрованной информации составляет 450000$.
Sources
- Victim siteatol.ru
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

