Ransomware victim disclosure
← All victimsWeber Flavors
Claimed by Ransomhouse · listed 10 months ago
Status timeline
- ListedOct 2, 2025
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Oct 2, 2025
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileWeber Flavors (operating as E.A. Weber and Co.) is a U.S.-based flavor manufacturer headquartered in Wheeling, Illinois, founded in 1902. The company produces liquid flavors, powder flavors, vanilla products, liquid colors, and organic flavors for food and beverage applications. It markets itself as 'Architects of Flavor' and serves customers seeking custom and catalog flavor solutions.
- Industry
- Flavor Manufacturing & Food Ingredients
- Address
- 549 Palwaukee Dr., Wheeling, IL 60090
- Founded
- 1902
Attack summary
Severity: high — 743 GB of data has been exfiltrated from a manufacturing company with confirmed encryption; while specific regulated data categories (PII at scale, medical, financial) are not explicitly confirmed, the volume and confirmed dual-action attack (encrypt + exfiltrate) with data pending publication warrants a high severity rating.RansomHouse claims to have encrypted systems and exfiltrated approximately 743 GB of data from Weber Flavors; the post lists the status as 'EVIDENCE' with data not yet published.
Data the group says was taken
AI dossier — extracted from the leak post- Encrypted internal files
- 743 GB of exfiltrated data
- Potential business/operational records
What the group claims
Weber Flavors is a family-owned company with over a century of experience in serving the food industry by providing thousands of flavors for various applications. They specialize in custom flavor creation, offering a diverse range of products including liquid flavors, powder flavors, vanilla, and organic flavors. Their intended clients are businesses within the food industry looking for tailored flavor solutions.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

