The Direwolf ransomware group has claimed responsibility for a multi-pronged cyberattack, allegedly breaching the networks of three international companies and exfiltrating a total of 796 GB of data. The victims, operating in vastly different industries, were listed on the threat actor’s dark web leak site on July 28, 2025. The group has threatened a two-stage data release, with sample files to be published on July 28, 2025, and a full data dump scheduled for August 15, 2025.
The attacks demonstrate the ransomware group’s indiscriminate targeting, impacting businesses across Asia. The compromise of sensitive data such as financial documents, customer information, and intellectual property poses a significant threat to the victims’ operations and reputation. The targeted companies come from critical sectors including professional services, manufacturing, and diversified trade, highlighting the broad risk landscape.
The victims allegedly targeted by the Direwolf ransomware group are:
- 🇹🇷 Acarlar Ltd: A Turkey-based conglomerate involved in the trade, fuel, tourism, and insurance industries. The attackers claim to have stolen 70 GB of data, allegedly including:
- Legal Documents
- Financial Documents
- Business Contracts
- Bank Transactions
- Accounting Records
- Audit Files
- 🇵🇭 W.L. FOODS: A prominent food and beverage company located in the Philippines. It was the hardest hit, with the group claiming to have exfiltrated 500 GB of data. The compromised files allegedly contain:
- Financial documents
- Commercial Contracts
- Sales Documents
- Customer information
- 🇸🇬 MGI Singapore PAC: An accounting services firm based in Singapore. The group allegedly stole 226 GB of highly sensitive information, including:
- Administration Data
- Auditing Data
- Commercial Advertising Data
- Intellectual Property Data
- Tax Data
- Customer Data
