Ransomware victim disclosure
← All victimsGallier Orléans
Claimed by Mallox · listed 3 years ago
Status timeline
- ListedFeb 16, 2023
- Data leakeddate unknown
At a glance
- Group
- Mallox
- Status
- Data leaked
- Country
- France
- Sector
- Manufacturing
- Listed on leak site
- Feb 16, 2023
About the victim
AI dossier — public-source company profileGallier is a French building-services company headquartered in Saint-Jean-de-la-Ruelle (near Orléans), operating since 1954. The company provides heating, air-conditioning, plumbing, ventilation, electrical works, automation, and energy-maintenance services to both residential and professional clients. Notable references include projects for Galeries Lafayette, EHPAD facilities, and public venues in the Orléans region.
- Industry
- HVAC, Plumbing & Electrical Building Services
- Address
- SA GALLIER, Z.A. « La Vallée », 160 rue Léon Foucault, 45140 Saint-Jean-de-la-Ruelle, France
- Founded
- 1954
Attack summary
Severity: high — Data is marked as published (disclosed_status: data_published) and a downloadable archive with a password has been released publicly, confirming actual exfiltration and disclosure rather than a mere listing. The company handles contracts with healthcare facilities (EHPAD) and public infrastructure, raising the likelihood of sensitive business, employee, and potentially client PII being included.Mallox claims to have exfiltrated data from Gallier Orléans and has published what it states is the full dataset via an AnonFiles archive protected by a disclosed password. No ransom amount was stated and no data-size figure was provided.
Data the group says was taken
AI dossier — extracted from the leak post- Company files (undifferentiated archive)
The group's post references roughly 1 proof file.
What the group claims
DATA: https://anonfiles.com/NfWdw2Yby8/GALLIER_zipPASSWORD: ?ie(yD@83,%0HR^t6_#S|VW*L6^cA-B\
Sources
- Victim sitegallier.fr
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

