Ransomware victim disclosure
← All victimsAndrews Fashion (АНДРЮС ФЕШЪН ЕООД)
listed as andrews.bg · Claimed by Ransomedvc · listed 3 years ago
Status timeline
- ListedSep 26, 2023
- Data leakeddate unknown
At a glance
- Group
- Ransomedvc
- Status
- Data leaked
- Country
- Bulgaria
- Sector
- Technology
- Listed on leak site
- Sep 26, 2023
- Ransom demanded
- $15.000
About the victim
AI dossier — public-source company profileAndrews Fashion (АНДРЮС ФЕШЪН ЕООД) is a Bulgarian men's fashion retailer operating under the brand 'Andrews/' via the e-commerce platform andrews.bg. The company sells clothing, footwear, and accessories across multiple fashion lines (Ceremony, Business, Smart Casual, Adventure, Casual, Active) and also offers made-to-measure tailoring and corporate client services. The web platform was co-financed through the EU Operational Programme 'Innovations and Competitiveness' 2014–2020.
- Industry
- Men's Fashion Retail & E-commerce
Attack summary
Severity: high — Data has been marked as published, and the victim operates an e-commerce platform subject to GDPR, meaning customer PII (names, addresses, payment-related data) is likely involved. Exfiltration of GDPR-regulated personal data at scale from an active e-commerce operation constitutes a significant regulated-data breach.RansomedVC claims to have exfiltrated data from Andrews Fashion and threatens to publish all obtained information if a ransom of $15,000 is not paid. The disclosure status is listed as 'data_published', indicating the group has already released or is releasing the data.
Data the group says was taken
AI dossier — extracted from the leak post- Customer personal data (GDPR-regulated)
- Business/corporate client records
- E-commerce order and transaction data
- Internal company files
What the group claims
We will leak all of the info we have on you if dont get paid.We require a ransom of $15,000
Sources
- Victim siteandrews.bg
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

