Ransomware victim disclosure
← All victimsCustom Sign & Engineering, Inc.
listed as CUSTOMSIGN · Claimed by INC Ransom · listed 4 hours ago
Status timeline
- Listed
Jun 4, 2026
- Data leaked
At a glance
- Group
- INC Ransom
- Status
- Data leaked
- Country
- US
- Sector
- Manufacturing / Signage
- Listed on leak site
- Jun 4, 2026
- Data size
- 20 GB
- Records
- 20 files
About the victim
AI dossier — public-source company profileCustom Sign & Engineering, Inc. specializes in creating high-quality custom commercial digital signs and billboards, including LED dimensional letters, monumental signs, and information displays. Based in Evansville, Indiana, the company serves clients across Illinois, Indiana, and Kentucky with custom signage solutions designed to enhance business visibility and brand image.
- Industry
- Commercial Signage & Digital Displays Manufacturing
- Address
- Evansville, Indiana, US
Attack summary
Severity: medium — Confirmed exfiltration indicated by AD dump and proof files, plus operational encryption. However, data size (20 GB) and absence of published proof samples limit severity classification. No confirmed PII, financial, or regulated data types explicitly mentioned for this victim.INC Ransom claims to have encrypted systems and exfiltrated data from Custom Sign & Engineering. The group states they obtained an AD dump and proof files, indicating both encryption and data theft.
Data the group says was taken
AI dossier — extracted from the leak post- Active Directory dump
- Business operational data
- Client/customer information
- System files
What the group claims
Custom Sign & Engineering, Inc. specializes in creating high-quality, custom commercial digital signs and billboards in Evansville, Indiana. The company offers LED dimensional letters, monumental signs, and information displays. It serves clients in Illinois, Indiana, and Kentucky.
The leak post
captured from the group's site```
{"type":true,"message":"Success: got announcements.","payload":{"length":718,"announcements":[{"_id":"6a20239dd152110a6a17aa7e","company":{"company_name":"Colina%20Financial%20Advisors","country":"BS","revenue":7900000},"categories":["Encrypted","Proof"],"description":["Colina%20Financial%20Advisors%20Limited%20(CFAL)%20is%20a%20prominent%2C%20independent%20wealth%20management%20and%20investment%20advisory%20firm%20based%20in%20Nassau%2C%20The%20Bahamas.%20Established%20in%201997%2C%20it%20serves%20as%20the%20investment%20arm%20of%20Colina%20Holdings%20Ltd..%20The%20firm%20provides%20diverse%20financial%20services%20to%20both%20individual%20and%20institutional%20clients.%0D","%0D","While%20customers%20continue%20to%20entrust%20the%20company%20with%20their%20money%2C%20senior%20executives%20are%20actively%20working%20to%20cover%20up%20a%20major%20data%20breach%20involving%20approximately%20500%20GB%20of%20highly%20confidential%20data.%0D","The%20leak%20includes%2C%20but%20is%20not%20limited%20to%3A%0D","1.%20Client%20Personally%20Identifiable%20Information%20(PII)%0D","2.%20Client%20Financial%20Profiles%20%26%20Asset%20Data%0D","3.%20Proprietary%20Business%20Intel%20%26%20System…Data the group says was taken
- AD Dump
Screenshot of the leak post
Sources
Source
Indexed 4 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.