Ransomware victim disclosure
← All victimsSHW Schmiedetechnik
listed as shw-fr.de · Claimed by Safepay · listed 9 days ago
Status timeline
- ListedJul 6, 2026
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileSHW Schmiedetechnik is a centuries-old German manufacturer of hand tools and agricultural equipment, founded in 1596. Based in the Black Forest region (Baiersbronn-Friedrichstal), the company specializes in high-quality garden tools, forestry implements, snow removal equipment, and wear parts for agricultural machinery, particularly front-loader tines and soil-working implements.
- Industry
- Hand Tools & Agricultural Equipment Manufacturing
- Address
- Wilhelm-Heusel-Straße 18 und 20, 72270 Baiersbronn-Friedrichstal, Germany
- Founded
- 1596
Attack summary
Severity: medium — Data has been published by the group, but no proof files/screenshots are documented in the available excerpt, and no sensitive regulated data (PII at scale, medical, financial, government) is explicitly identified. The company is a manufacturing SME rather than critical infrastructure.The safepay group claims to have attacked SHW Schmiedetechnik and published data. No specific details on encryption, exfiltration method, or data categories are provided in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Customer data
- Employee information
- Manufacturing/operational data
What the group claims
The company traces its origins to 1596, making it one of Germany's oldest industrial manufacturers, although its current corporate structure …
Sources
Source
Indexed 9 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

