Ransomware victim disclosure

D&M Contractors

Claimed by anubis · listed 1 day ago

Age

since listed · data leaked

Status timeline

Listed
Jun 5, 2026
Data leaked

At a glance

Group: anubis
Status: Data leaked
Sector: Construction
Listed on leak site: Jun 5, 2026

About the victim

AI dossier — public-source company profile

D&M Contractors is a building and mechanical services contractor based in the South East of England. The company provides construction and related services to commercial and residential clients in that region.

Industry: Building & Mechanical Services Contracting
Address: South East of England

Attack summary

Severity: medium — Confirmed exfiltration of personal data (PII) including identity documents from employees and customers, but the group explicitly states the number affected is small (fewer than 300 individuals). No operational disruption mentioned; data already published.

The anubis group claims to have exfiltrated personal data belonging to employees and/or customers of D&M Contractors. The group has published the data and is highlighting that individuals affected deserve awareness of the breach.

medium

Data the group says was taken

AI dossier — extracted from the leak post

employee personal data
customer contact information
identity documents (passports, driver's licenses)

What the group claims

A small breach, real employee data.

The leak post

captured from the group's site

is a building and mechanical services contractor located in the South East of England.
Another small data breach at a relatively small company — the kind of incident that has every chance of slipping under the radar. Still, it's our job to tell you about it, even if only briefly.
But why do we bother with any of this? Why not simply publish the data without any context, as many others do?
We have an answer to that.
A large portion of the information held by companies does not actually belong to the companies themselves. It belongs to employees, customers, patients, and countless other individuals. Contact information, medical records, passports, driver's licenses, and other identity documents are just a few examples.
When a company negotiates behind closed doors and ultimately makes a decision that leads to the publication of data, it rarely consults the people whose information is at stake. As we have seen time and time again, many of those people first learn about the incident from news reports. Others do not learn about it at all until someone opens an account in their name, attempts to use their identity, or they start receiving calls from scammers who somehow know far more abo…

Sources

Leak posthttp://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/r/7ennLNxUKQ+HQYzWqdXuLdC6C5QrL0wfb8M5AZCTds3hzzunjNKym2DApCALNYMhfVLoA49bBTZQ2wEE3O4zd6bXpGSFJq

Source

Indexed 1 day ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About anubis

Anubis is a recently emerged ransomware group that began operations in February 2025, primarily motivated by financial gain through encryption and extortion attacks. The group has demonstrated rapid expansion, accumulating 65 documented victims within a short operational timeframe. Given the group's recent emergence, limited information is publicly available regarding their specific country of origin, organizational structure, or confirmed affiliations with other cybercriminal entities, though their operational patterns suggest they may operate as an independent group or small-scale ransomware-as-a-service operation. Their attack methodology appears to focus on opportunistic targeting across multiple geographic regions, with victims concentrated primarily in the United States, Australia, Canada, the United Kingdom, and France, indicating either English-language proficiency or the use of automated tools that facilitate cross-border operations. The group demonstrates a clear preference for targeting healthcare organizations and manufacturing companies, followed by business services and technology sectors, suggesting they prioritize organizations with critical operational dependencies that may be more likely to pay ransoms quickly. Due to the group's recent emergence in early 2025, there is insufficient publicly documented information from established cybersecurity firms or law enforcement agencies regarding their specific technical capabilities, encryption methods, or whether they employ double or triple extortion tactics involving data theft and leak sites. As of current reporting, Anubis remains an active threat with continued victim acquisition, though the full scope of their capabilities and long-term operational sustainability remains to be determined as security researchers continue to analyze their activities. The group has been linked to 82 public disclosures across our corpus. First observed on a leak site on February 25, 2025; most recent post June 5, 2026. The operation is currently active.

Timeline of this disclosure

June 5, 2026D&M Contractors listed by anubison the group's public leak site

Other recent disclosures by anubis

anubis has been linked to 82 public victims on Darkfield. A sample of the most recent: