Ransomware victim disclosure

Vossko GmbH & Co. KG

listed as vossko.de · Claimed by blackbasta · listed 2 years ago

800 GB

Data size

18m

Age

since listed · data leaked

Status timeline

Listed
Dec 4, 2024
Data leaked

At a glance

Group: blackbasta
Status: Data leaked
Country: Germany
Sector: Agriculture and Food Production
Listed on leak site: Dec 4, 2024
Data size: 800 GB

About the victim

AI dossier — public-source company profile

Vossko GmbH & Co. KG is a German food production company specializing in frozen and chilled convenience foods including poultry, beef, pork, and vegetarian/vegan options. Founded in 1982, it is headquartered in Ostbevern, North Rhine-Westphalia, Germany, with an additional facility in Lages, Brazil.

Industry: Frozen & Chilled Convenience Foods (Poultry, Beef, Pork, Vegetarian)
Address: Vossko-Allee 1, 48346 Ostbevern, Germany
Founded: 1982

Attack summary

Severity: high — Confirmed exfiltration of 800 GB including financial data and employee PII at scale; data has been published. Food production company serving commercial customers represents operational significance.

BlackBasta claims to have exfiltrated approximately 800 GB of data from Vossko. The group states they obtained financial data, employee personal data, project files, and personal documents.

high

Data the group says was taken

AI dossier — extracted from the leak post

Financial records
Employee personal data
Project files
Personal documents

What the group claims

Vossko GmbH & Co. KG is a German company specializing in the production of frozen and chilled convenience food products, primarily focusing on poultry, beef, and pork, as well as vegetarian and vegan options. Founded in 1982 by Bernhard and Maria Vosskötter, the company is headquartered in Ostbevern, North Rhine-Westphalia, Germany, and operates a second facility in Lages, Santa Catarina, Brazil.SITE: www.vossko.de Address : Vossko-Allee 1 48346 Ostbevern DeutschlandALL DATA SIZE: ≈800gb 1. Financial data 2. Personal employees data 3. Projects 4. Personal documents & etc…

Sources

Victim sitevossko.de
Leak posthttp://stniiomyjliimcgkvdszvgen3eaaoz55hreqqx6o77yvmpwt7gklffqd.onion/?id=vossko.de

Source

Indexed 2 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About blackbasta

Black Basta is a financially motivated ransomware group that emerged in April 2022 and has rapidly established itself as a significant threat actor, compromising over 500 organizations globally within its first two years of operation. The group is suspected to have ties to Russia-based cybercriminal networks and operates as a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to conduct attacks while the core group maintains the ransomware infrastructure and negotiates with victims. Black Basta primarily gains initial access through phishing campaigns, exploitation of unpatched vulnerabilities, and compromised Remote Desktop Protocol (RDP) credentials, then deploys custom tools and living-off-the-land techniques to move laterally through networks before deploying their ransomware payload that uses ChaCha20 encryption. The group employs double extortion tactics, stealing sensitive data before encryption and threatening to publish it on their leak site if ransom demands are not met. Notable campaigns include attacks on major manufacturing companies, healthcare organizations, and critical infrastructure entities primarily across the United States, United Kingdom, Germany, Canada, and Italy, with the group showing particular focus on business services, manufacturing, technology, agriculture and food production, and transportation/logistics sectors. As of 2024, Black Basta remains active and continues to evolve its tactics, techniques, and procedures while maintaining a steady pace of victim recruitment and ransom collection operations. The group has been linked to 523 public disclosures across our corpus. First observed on a leak site on April 26, 2022; most recent post January 11, 2025. The operation is currently inactive.

Timeline of this disclosure

December 4, 2024vossko.de listed by blackbastaon the group's public leak site

Data size: 800 GB

Other recent disclosures by blackbasta

blackbasta has been linked to 523 public victims on Darkfield. A sample of the most recent: