The Benzona ransomware group claims to have breached Taminsho, an Iranian online retailer specializing in the sale of medical, dental, laboratory, and beauty equipment. Based in Shiraz, Taminsho serves as a significant supplier for healthcare professionals and clinics in the region. The threat actors have listed the company on their dark web leak site, signaling a successful double-extortion attempt involving both file encryption and data theft.
According to the actor, the volume of exfiltrated information is significant, totaling 80GB. The Benzona group has set a ransom demand of $70,000 and has threatened to release the stolen data publicly on December 25, 2025, if their demands are not met.
The allegedly compromised data includes:
-
Customer order histories
-
Medical equipment procurement records
-
Internal financial documents
-
Operational database backups
-
Employee and client contact information












