[SPACEBEARS] – Ransomware Victim: Rios Espinosa

AI Generated Summary of the Ransomware Leak Page

On November 2, 2025, a leak entry attributed to the Spacebears ransomware group claims a breach of Rios Espinosa, a long-established Spanish professional services firm. The page describes Rios Espinosa as operating since 1985 with offices in Sabinillas, Estepona, Sotogrande, and Seville, and notes staff include economists, graduates, lawyers, and registered property managers. The attackers allege that personal information of employees and clients, along with financial documents, has been exfiltrated. They frame the incident as a data-leak event rather than a full encryption and indicate that a downloadable file is available. The published date on the leak entry is 2025-11-02, and the body text also indicates the post was published recently. A defanged reference to the victim’s site is present, for example hxxp://riosespinosa[.]com/. The post has 264 views.

The leak page shows three image attachments; the images are linked within the post and are hosted on onion-style addresses (defanged here). A “Download” link is present, suggesting a downloadable file accompanies the leak. The visible text asserts that personal information of employees and clients and financial documents were stolen, but no ransom amount is disclosed in the excerpt. The structure aligns with standard data-leak postings used by ransomware groups to signal data exfiltration and potential leakage.

Notes on sanitization: The victim name Rios Espinosa is preserved while any direct personal data is redacted. URLs are defanged in this summary. The page references the firm’s public site via a defanged link, without exposing live addresses. The industry field is not specified in the dataset, but the text presents the organization as a long-standing Spanish professional services firm with offices in multiple locales. Observers should treat this as a data-leak claim by Spacebears and monitor for further updates or data releases.