[INCRANSOM] – Ransomware Victim: zebra[.]or[.]at

AI Generated Summary of the Ransomware Leak Page

On November 6, 2025, zebra.or.at appears on a ransomware leak page as a victim of a data-exfiltration event. The victim is identified as zebra.or.at, based in Austria (country AT), with no industry specified in the provided metadata. The leak post claims that attackers have obtained zebra.or.at’s company data, including payment and tax documentation, as well as employee and client documents and materials related to projects and developments. This framing indicates a data-leak scenario rather than a pure encryption incident. A claim URL is provided on the page, though the actual link is not displayed here. The post date aligns with the date in the metadata (November 6, 2025). The available data does not show a specified ransom amount or explicit demand in the excerpt.

No media attachments are shown on the leak page: there are no screenshots or images listed (images_count is 0), and no downloadable files or external links are indicated (downloads_present false, link_count 0). The description states that the attackers claim to have access to zebra.or.at’s company data, including payment and tax documentation, employee and client documents, and projects and developments, underscoring the potential exposure of sensitive information and the risk to privacy and business operations. The content does not reveal sample documents or direct data samples in this excerpt, and the victim name zebra.or.at remains the primary identifier. The page indicates a data-leak scenario, consistent with the metadata, even though no explicit ransom figure is provided in the record.