Ransomware victim disclosure
← All victimsAT&S (AquaTerra & SSH)
listed as AT&S · Claimed by Nokoyawa · listed 3 years ago
Status timeline
- ListedJul 29, 2023
- Data leakeddate unknown
At a glance
- Group
- Nokoyawa
- Status
- Data leaked
- Country
- Singapore
- Sector
- Business Services
- Listed on leak site
- Jul 29, 2023
About the victim
AI dossier — public-source company profileAT&S was incorporated in Singapore in 2009 as a merger of AquaTerra and SSH, formed to provide a full spectrum of products and services to the Oil & Gas and Marine sectors. It is described as the only Singapore-based company of its kind and one of the largest in its segment. The company operates under the Ame Group brand (atssh.com).
- Industry
- Oil & Gas and Marine Services
- Address
- Singapore
- Founded
- 2009
Attack summary
Severity: high — Data has been confirmed published by the threat actor, indicating successful exfiltration of business data from a company operating in the Oil & Gas and Marine sectors, which may include commercially sensitive operational and contractual information.The Nokoyawa ransomware group claims to have attacked AT&S and has published data (disclosed status: data_published), though the leak post does not specify whether encryption, exfiltration, or both occurred, and no ransom amount or data size is stated.
Data the group says was taken
AI dossier — extracted from the leak post- Company internal data
What the group claims
AT&S was incorporated in Singapore in 2009 with the goal to provide the entire spectrum of products and services to the Oil & Gas and Marine sectors, bringing AquaTerra and SSH together in a synergistic manner. At formation, we became the only Singapore-based company and one of the largest in the...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

