Ransomware victim disclosure
← All victimsDrillmex
listed as www.drillmex.com · Claimed by Toufan · listed 3 years ago
Status timeline
- ListedDec 19, 2023
- Data leakeddate unknown
At a glance
- Group
- Toufan
- Status
- Data leaked
- Country
- Mexico
- Sector
- Manufacturing
- Listed on leak site
- Dec 19, 2023
About the victim
AI dossier — public-source company profileDrillmex is a Quebec-based industrial tool distributor specializing in high-performance cutting tools, including carbide drills, end mills, taps, indexable tooling, CNC machine tool holders, precision instruments, lubricants, and inventory management systems. Established in 1982, they maintain a catalog of over 500,000 products and serve industrial customers across Quebec with two offices in Ste-Julie and Quebec City.
- Industry
- Industrial Tool Distribution & Cutting Tools
- Address
- Ste-Julie, Quebec, Canada (primary location); also Quebec City office
- Founded
- 1982
Attack summary
Severity: medium — Disclosure status confirms data publication, suggesting exfiltration occurred. However, without captured leak post details, proof files, or specific data inventory, the actual scope and sensitivity of exposed data cannot be assessed. Medium severity reflects confirmed data disclosure but absence of evidence regarding sensitive/regulated data or operational disruption.The Toufan group claims to have attacked Drillmex; however, no leak post details were captured. The disclosed status indicates data was published, but the specific nature of the breach (encryption, exfiltration, or both) and data types are not documented in the available evidence.
Sources
- Victim sitedrillmex.com
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

