Ransomware victim disclosure
← All victimsRoyal Star & Garter
Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedMay 22, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Healthcare
- Listed on leak site
- May 22, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileRoyal Star & Garter is a UK-based charity providing specialized care and support for veterans and their families living with disability or dementia. The organization operates multiple residential care homes across England and offers a range of care services, activities, and support programs.
- Industry
- Healthcare & Social Care (Veteran Care & Support)
- Address
- Multiple locations: Solihull (West Midlands), Surbiton (Surrey), High Wycombe (Buckinghamshire), Worthing (West Sussex), United Kingdom
Attack summary
Severity: high — Healthcare organization serving vulnerable populations (elderly veterans with disability/dementia). Encryption of systems at a care facility creates operational disruption risk to critical services. Personal and medical data of vulnerable individuals at stake, though specific proof of exfiltration not detailed in post excerpt.Ransomware group claims to have encrypted systems at Royal Star & Garter. The post lists the victim among multiple organizations but provides no detailed breakdown of specific data exfiltrated from this target.
Data the group says was taken
AI dossier — extracted from the leak post- Patient/resident records
- Medical information
- Personal identifiable information
- Care documentation
What the group claims
Our mission To provide an outstanding range of quality care and therapies to veterans and their partners living with disability or dementia.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

