Skip to main content

Ransomware victim disclosure

All victims

Pastas Allegri

Claimed by ORION · listed 2 months ago

2m
Age
since listed · listed for ransom

Status timeline

  1. ListedMay 14, 2026

Current state: Listed for ransom

At a glance

Group
ORION
Status
Listed for ransom
Country
Venezuela
Listed on leak site
May 14, 2026

About the victim

AI dossier — public-source company profile

Pastas Allegri is a Venezuelan food manufacturer with over 139–144 years of history (founded approximately 1881–1882), producing pasta and enriched flour products for the Venezuelan consumer market. The company sources raw materials from the United States and Canada and distributes nationally, emphasising quality, nutrition, and family tradition. It is one of Venezuela's long-standing staple food brands.

Industry
Pasta & Flour Food Manufacturing
Founded
1882

Attack summary

Severity: low — The post is a bare listing with no ransom stated, no data size disclosed, no proof files published, and no confirmed exfiltration or operational disruption described.

The ORION ransomware group (OrionRaaS) has listed Pastas Allegri as a victim, claiming a data breach and corporate exposure; no specific exfiltration volume, ransom demand, or proof files have been published at this stage.

low

Data the group says was taken

AI dossier — extracted from the leak post
  • Confidential corporate data (unspecified)

What the group claims

Pastas Allegri is characterized as an innovative and solid company, committed to Venezuela, generating more and more jobs throughout the country every day

The leak post

captured from the group's site
Latest confidential data breaches and corporate exposures
Pastas Allegri https://pastasallegri.com.ve Pastas Allegri is characterized as an innovative and solid company, committed to Venezuela, generating more and more jobs throughout the country every day
##### Your clicks can earn you a Lamborghini
Join the elite drive your success The OrionRaaS Network
[ Apr 14 ·  ](http://cjfntkj5qeizxowuy3srceg7zo6namc3kfeor7pfn6bpdkl3w265ooid.onion/news/article?id=36) [ Jan 26 ·  ](http://cjfntkj5qeizxowuy3srceg7zo6namc3kfeor7pfn6bpdkl3w265ooid.onion/news/article?id=34) ###### [Your clicks can earn you a Lamborghini Jan 25 ·  ](http://cjfntkj5qeizxowuy3srceg7zo6namc3kfeor7pfn6bpdkl3w265ooid.onion/news/article?id=33) [ Oct 28 ·  ](http://cjfntkj5qeizxowuy3srceg7zo6namc3kfeor7pfn6bpdkl3w265ooid.onion/news/article?id=30) [ Oct 28 ·  ](http://cjfntkj5qeizxowuy3srceg7zo6namc3kfeor7pfn6bpdkl3w265ooid.onion/news/article?id=29)
Stay updated with the latest data breaches and corporate exposures. Our platform tracks and reports on significant cybersecurity incidents.

Screenshot of the leak post

Leak screenshot for Pastas Allegri

Sources

Source

Indexed 2 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About ORION

Jan13, 2026: We believe the group might be related to Babuk-Bjorka. The group has been linked to 4 public disclosures across our corpus. First observed on a leak site on May 14, 2026; most recent post May 17, 2026. The operation is currently active.

Timeline of this disclosure

  • May 14, 2026Pastas Allegri listed by ORIONon the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Food Manufacturing sector. Geographically, Pastas Allegri is reported in Venezuela, a country with 4 ransomware disclosures in our corpus.

If your organisation is affected

A listing by ORION means Pastas Allegri appeared on a ransomware extortion site and is being pressured to pay before any publication. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Monitor for the data appearing on ORION's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.