Ransomware victim disclosure
← All victimsR&W Engineering
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedJul 6, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Jul 6, 2025
- Data size
- 676.5 GB
About the victim
AI dossier — public-source company profileR&W Engineering, founded in 1978, provides electrical, mechanical, automation, and commissioning engineering services for municipal, industrial, commercial, institutional, and governmental clients. Based in Beaverton, Oregon, the firm serves both public and private sector markets.
- Industry
- Engineering Services (Electrical, Mechanical, Automation)
- Address
- 9615 SW Allen Blvd., Suite 107, Beaverton, OR 97005
- Founded
- 1978
Attack summary
Severity: medium — Confirmed large-scale data exfiltration (676.5 GB) with published status, but no specific proof files advertised and data types appear to be primarily business/technical rather than regulated PII or financial records. Engineering firms may hold some sensitive client infrastructure data.Medusa claims to have exfiltrated 676.5 GB of data from R&W Engineering. No specific data types, encryption status, or operational disruption details are stated in the available post.
Data the group says was taken
AI dossier — extracted from the leak post- Engineering designs and specifications
- Project documentation
- Client information
- Business records
What the group claims
R&W is an engineering company. (https://rweng.com/) Company is headquartered in 9615 SW Allen Blvd., Suite 107 Beaverton, OR 97005. The total amount of data leakage is 676.5 GB
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

