Ransomware victim disclosure
← All victimsThe Methodist Church of Southern Africa
Claimed by Beast · listed 9 months ago
Status timeline
- ListedOct 5, 2025
- Data leakeddate unknown
At a glance
- Group
- Beast
- Status
- Data leaked
- Country
- South Africa
- Listed on leak site
- Oct 5, 2025
- Ransom demanded
- $23.83
About the victim
AI dossier — public-source company profileThe Methodist Church of Southern Africa (MCSA) is a major Protestant denomination operating across Southern Africa, including South Africa, Namibia, Swaziland, Mozambique, and surrounding regions. It administers schools, children's homes, homes for the aged, a seminary (Seth Mokitimi Methodist Seminary), and a publishing house, alongside numerous lay organizations and district structures. The church is governed by a connexional structure with a Presiding Bishop and operates extensive community and mission programs.
- Industry
- Religious Organization & Church Administration
Attack summary
Severity: high — Data has been published (disclosed status: data_published) by the ransomware group against a religious institution that manages schools, children's homes, homes for the aged, a seminary, and bursary fund applications — all of which likely contain PII of minors, elderly individuals, students, and beneficiaries across multiple countries. The breadth of sensitive personal and institutional data elevates this beyond medium severity.The Beast ransomware group claims to have attacked the Methodist Church of Southern Africa and lists the disclosure as 'data_published', indicating data has been exfiltrated and published. The specific data types or volume have not been detailed in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Organizational records
- Financial unit data
- Human resources records
- Communications documents
- Compliance documents
- Conference documents
- Bursary fund applicant data
- Mission and ministry records
What the group claims
The Methodist Church of Southern Africa is dedicated to proclaiming the gospel of Jesus Christ for healing and transformation. It offers various services including educational support through the Tsietsi Mashinini Bursary Fund, which empowers youth to access tertiary education. The church also provides a range of community-focused programs and institutions such as Methodist Schools and Homes for Children and the Aged. Its intended clients include members of the Methodist community and the broader Southern African population seeking spiritual and educational support.
The leak post
captured from the group's site[ 2fORM Architecture specializes in innovative sustainable architecture, offering design services for residential, commercial, and interior projects. Their portfolio includes a diverse range of developments, such as multi-family housing, health care facilities, and various remodels. The company aims to serve clients in the Pacific Northwest, including individual homeowners, businesses, and institutions. With a commitment to sustainability and creativity, 2fORM Architecture enhances the built environment through thoughtful design. ](http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/2form_architecture)[ ACMARK s r o is a company that operates in the Repair Services industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in Brno, South Moravian, Czech Republic. ](http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/acmark)[ AJU Pharm Co., Ltd. is a prominent South Korean total healthcare company founded in 1953. For over 70 years, it has evolved from a manufacturer of raw materials into a global pharmaceutical group specializing in prescription drugs, medical devices, and health supplements P U B L I S H…
Screenshot of the leak post

Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

