Ransomware victim disclosure
← All victimsCentre de Ciència i Tecnologia Forestal de Catalunya (CTFC)
listed as ctfc.cat · Claimed by Devman · listed 8 months ago
Status timeline
- ListedNov 12, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileThe Centre de Ciència i Tecnologia Forestal de Catalunya (CTFC) is a Catalan public research and technology transfer institution focused on sustainable forest management, biodiversity conservation, landscape planning, and bioeconomy. It operates as a hub of excellence in forest science and applied research across four main programmes, contributing to climate change adaptation and circular bioeconomy. CTFC is accredited as a TECNIO agent by the Generalitat de Catalunya.
- Industry
- Forestry & Environmental Research
- Address
- Catalonia, Spain (specific street address not stated in available sources)
- Employees
- 51-200
Attack summary
Severity: high — 30 GB of data has reportedly been exfiltrated from a publicly-funded research institution and published; this likely includes research data, internal documents, personnel records, and potentially regulated data about publicly-funded projects, constituting significant business and institutional data exposure.The group 'devman' claims to have exfiltrated 30 GB of files from CTFC and demanded a ransom of €248,000; the disclosure status is marked as data_published, indicating the exfiltrated data has been released or made available.
Data the group says was taken
AI dossier — extracted from the leak post- Exfiltrated organisational files (30 GB)
What the group claims
Ransom: 248000 30gb of files exfiltrated
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

