Ransomware victim disclosure
← All victimsLA VOIE EXPRESS
Claimed by Medusa · listed 9 months ago
Status timeline
- ListedOct 14, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- Morocco
- Sector
- Transportation/Logistics
- Listed on leak site
- Oct 14, 2025
- Records
- 145 Employees
About the victim
AI dossier — public-source company profileLa Voie Express appears to be a transportation and logistics company, likely operating in Morocco (country code MA), based on its name suggesting express courier or freight delivery services. No public website content was available to confirm operational details or scale.
- Industry
- Transportation & Logistics (Express Delivery/Courier)
Attack summary
Severity: medium — Data is marked as published, indicating confirmed exfiltration and public release, but no details on data type, volume, or sensitivity are available from the truncated post, preventing a higher severity classification.The Medusa ransomware group has listed La Voie Express with a status of 'data_published', indicating the group claims to have exfiltrated data and has published it after likely non-payment of ransom. No specific data volume or ransom amount was disclosed in the available post.
What the group claims
LA VOIE EXPRESS offers comprehensive logistics services including messaging, transport, e-commerce solutions, and warehousing. The company focuses on improving client competitiveness by ensuring safe, timely, and cost-effective delivery of goods. It serves a wide range of clients, providing tailored logistics solutions to meet their specific needs. With a network of regional agencies, LA VOIE EXPRESS emphasizes flexibility and responsiveness to varying demands while maintaining high service quality. company is headquartered in 19, Rue Abou Bakr Ibnou Koutia, Oukacha, Aïn Sebaâ, Casablanca, Morocco. 145 Employees
The leak post
captured from the group's siteHuman Verify Human verification required We need to ensure you're a real person. Please solve the captcha below to continue. Verify
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

