Ransomware victim disclosure
← All victimsEM Resorts
listed as emresorts.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Mexico
- Sector
- Hospitality and Tourism
- Listed on leak site
- Dec 26, 2025
About the victim
AI dossier — public-source company profileEM Resorts is an award-winning luxury hospitality group operating two resort properties in Crete, Greece: Minoa Palace Resort and Euphoria Resort. The company emphasises a premium 'Euliving' philosophy combining Cretan culture, gastronomy, wellness, and sustainability. It markets to leisure, family, and business travellers seeking a high-end Mediterranean experience.
- Industry
- Luxury Resort & Hospitality
- Address
- Crete, Greece
Attack summary
Severity: high — Data has been published (disclosed status: data_published) by LockBit, confirming exfiltration. A hospitality operator holds significant volumes of guest PII (names, payment details, passport/ID data) and employee records, making the exposure potentially serious even without an explicit data size figure.LockBit claims to have attacked EM Resorts and has published data, indicating exfiltration of company data; no ransom amount or specific data volume has been stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Guest personal information
- Employee/personnel records
- Business and operational documents
What the group claims
EM Resorts offers a luxurious and abundant experience in the heart of Crete, featuring two main prop...
Sources
- Victim siteemresorts.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

