Ransomware victim disclosure
← All victimsregencyrestors
Claimed by Stormous · listed 2 months ago
Status timeline
- ListedMay 2, 2026
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- May 2, 2026
About the victim
AI dossier — public-source company profileRegency Restors appears to be a US-based consumer services company operating in the hospitality or reservations sector, likely managing customer bookings and related services. The name suggests a focus on restoration or restorative hospitality experiences. No public website content was available to confirm further operational details.
- Industry
- Hospitality & Reservation Services
Attack summary
Severity: critical — Confirmed exfiltration includes scanned government-issued identity documents (passports, national IDs) and PII at scale from customer reservation databases, constituting regulated sensitive personal data. RDP credentials also pose significant further compromise risk.The Stormous ransomware group claims to have exfiltrated data including full customer reservation databases, scanned identity documents, internal emails, employee and customer email lists, and RDP credential files from regencyrestors.
Data the group says was taken
AI dossier — extracted from the leak post- Customer reservation databases (names, phones, emails, addresses, booking dates)
- Scanned ID documents (passports, national IDs)
- Internal emails via OWA
- Employee email lists
- Customer email lists
- RDP credential files
What the group claims
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

