Ransomware victim disclosure
← All victimsAustralian First Mortgage Pty Ltd
listed as Emoney · Claimed by Royal · listed 4 years ago
Status timeline
- ListedDec 28, 2022
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- Australia
- Sector
- Financial Services
- Listed on leak site
- Dec 28, 2022
- Ransom demanded
- $5M
About the victim
AI dossier — public-source company profileAustralian First Mortgage Pty Ltd is an Australian financial services company operating under the brand 'Emoney' (emoneyfinance.com.au). The company employs between 21 and 50 people and generates estimated annual revenue of $5M–$10M. It operates in the mortgage and financial services sector in Australia.
- Industry
- Mortgage & Financial Services
- Employees
- 21-50
Attack summary
Severity: high — Data has been published by the group ('data_published' status) and the victim is a financial services/mortgage company, meaning regulated financial data and customer PII are likely at significant risk; however, specific data types and scale are not confirmed in the post.The Royal ransomware group claims to have attacked Australian First Mortgage Pty Ltd and published data (disclosed status: data_published), with a stated ransom demand of $5M. The specific nature of data exfiltrated or encrypted is not detailed in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Financial services records
- Potentially customer mortgage data
- Business financial data
What the group claims
Australian First Mortgage Pty Ltd is a company that operates in the Financial Services industry. It employs 21-50 people and has $5M-$10M of revenue.
Sources
- Victim siteemoneyfinance.com.au
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

