Ransomware victim disclosure
← All victimsАврора (Aurora)
listed as avrora24.ru · Claimed by Werewolves · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Werewolves
- Status
- Data leaked
- Country
- Russia
- Sector
- Financial Services
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileAvrora (Aurora) is a Russian pawn shop and second-hand goods retailer operating over 100 branches across the country. The company offers used electronics, appliances, and other merchandise with financing options, trade-in programs, and a loyalty rewards system. It has served approximately 755,000 customers.
- Industry
- Pawn Shop & Second-hand Retail
Attack summary
Severity: medium — Large customer database (755k+) potentially exposed, but no confirmation of sensitive financial or personal data exfiltration. Pawn shop operations typically involve identity verification; actual PII exposure cannot be confirmed from post alone.The werewolves group claims to have exfiltrated data from Avrora's systems. No specific details on data types are provided in the leak post, though the mention of 755,369 customers suggests potential access to customer records.
Data the group says was taken
AI dossier — extracted from the leak post- customer records
- client database
What the group claims
755369 клиентов,поддерживаем высокий уровень качества услуг - согласно проведенным исследованиям, индекс удовлетворенности наших клиентов NPS на уровне!Имеем более 100 филиалов.10 лет на рынке.130000$.
Sources
- Victim siteavrora24.ru
- Leak posthttps://werewolves.pro/en/krasnoyarsk-amaks-hotels-ru.html
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

