Ransomware victim disclosure
← All victimsMoravia
Claimed by MEDUSA LOCKER (aka BAVACAI · listed 2 months ago
Status timeline
- ListedMay 20, 2026
Current state: Listed for ransom
At a glance
- Status
- Listed for ransom
- Country
- Costa Rica
- Sector
- Business Services
- Listed on leak site
- May 20, 2026
About the victim
AI dossier — public-source company profileMoravia is an entity located in San José, Costa Rica. No public site content was available to determine the nature of its operations, scale, or sector. The name 'Moravia' may refer to a district within San José or a company bearing that name.
- Address
- San José, Costa Rica
Attack summary
Severity: medium — The group has advertised demo file access suggesting exfiltration has occurred, but no data size, data type, or ransom amount has been disclosed, and the sector and data sensitivity are unknown.MEDUSA LOCKER (aka BAVACAI) claims to have compromised Moravia and is advertising demo access to up to 10 files per folder, with full data to be published after a presumed ransom deadline.
What the group claims
Organization located in Moravia, San José, Costa Rica listed on MedusaLocker ransomware leak site.
The leak post
captured from the group's siteMoravia, San José, Costa Rica ⚠ Demo access — showing up to 10 files per folder. Full data will be available after publication.
Screenshot of the leak post

Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

