Ransomware victim disclosure
← All victimsCasale Del Giglio
Claimed by Orca · listed 3 months ago
Status timeline
- ListedApr 27, 2026
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileCasale del Giglio is an Italian winery founded in 1967 by Dr. Berardino Santarelli, located in Le Ferriere, in the Pontine plain south of Rome, Lazio. The estate produces a broad portfolio of white, rosé, red, sweet wines, grappas, and olive oil, and is internationally recognised with awards such as Gold Medals at the AWC Vienna Spring Tasting 2026. The winery also operates guided tours and tastings at its historic premises.
- Industry
- Winery & Wine Production
- Address
- Le Ferriere, Latina, Lazio, Italy
- Employees
- 11-50
- Founded
- 1967
Attack summary
Severity: medium — Data has been published by the threat actor, confirming some level of exfiltration, but the company is a small Italian winery with no indication of large-scale regulated data (medical, financial, government). The scope and sensitivity of exfiltrated data appear limited, warranting a medium severity rating.The Orca ransomware group claims to have attacked Casale del Giglio and has published data (disclosed status: data_published); the leak post references the company's founding and background, suggesting exfiltration of internal records, though the exact data categories and volume are not specified in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Company internal records
- Potentially employee/personnel data
- Potentially financial/business documents
What the group claims
Casale del Giglio was founded in 1967 by Dr. Berardino Santarelli, a native of t...
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

