Ransomware victim disclosure
← All victimshighwirepress.com
Claimed by Babuk2 · listed 1 year ago
Status timeline
- ListedMar 18, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk2
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Mar 18, 2025
About the victim
AI dossier — public-source company profileHighWire Press is a digital publishing platform provider founded in 1995, originally spun out of Stanford University. They host and manage scholarly content including academic journals, preprint repositories, and books for major publishers and scientific societies worldwide, processing over 85 million monthly search requests and 60 million monthly users.
- Industry
- Scholarly Publishing & Digital Content Hosting
- Founded
- 1995
Attack summary
Severity: high — HighWire hosts sensitive scholarly publishing infrastructure and content for major scientific organizations and publishers. A confirmed breach of this central publishing platform could expose manuscripts under review, subscriber data, and operational systems used by the global academic publishing ecosystem. However, no specific proof or data inventory details are provided in the truncated post, limiting confidence in the breach claim.The babuk2 group claims to have breached HighWire Press but provides minimal detail in the leak post excerpt. No specific data exfiltration or encryption claims are detailed; only the domain name is listed.
Data the group says was taken
AI dossier — extracted from the leak post- Academic journal content
- Publisher databases
- User/subscriber data
- Peer review manuscripts
- Publishing platform infrastructure
What the group claims
highwirepress.com
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

