Ransomware victim disclosure
← All victimsRegency Restors
listed as www.regencyrestors.com · Claimed by Stormous · listed 1 year ago
Status timeline
- ListedMay 11, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- May 11, 2025
About the victim
AI dossier — public-source company profileRegency Restors operates as a hospitality/tourism business based on the domain www.regencyrestors.com. No public site content was available to verify specific services, location, or scale.
- Industry
- Hospitality and Tourism
Attack summary
Severity: critical — Confirmed exfiltration of PII at scale (full customer database with contact details and addresses), government-issued ID scans (passports, national IDs), and credentials providing system access. Data has been published by the threat actor.Stormous claims to have exfiltrated customer reservation databases, scanned ID documents (passports and national IDs), internal emails, employee and customer contact lists, and RDP credentials. The group has published data without stating a ransom demand.
Data the group says was taken
AI dossier — extracted from the leak post- Customer reservation database (names, phones, emails, addresses, booking dates)
- Scanned ID documents (passports, national IDs)
- Internal emails (OWA)
- Employee and customer email lists
- RDP credentials with usernames and passwords
What the group claims
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files (with usernames/passwords)
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

