[BEAST] – Ransomware Victim: Noroaco

AI Generated Summary of the Ransomware Leak Page

On November 6, 2025, a ransomware leak post publicly identifies Noroaco as a victim in an operation attributed to the BEAST group. The leak page presents a company profile for Noroaco, describing it as a steel products manufacturer with a product range that includes tubes, beams, tiles, and sheets, along with plasma cutting services, and noting more than sixteen years of industry experience serving sectors such as agribusiness, construction, metallurgy, and locksmithing. The page indicates that a claim URL is available for further verification, but it does not specify a compromise date beyond the post date or any ransom figures. Taken together, the post appears to publicize the intrusion and designate Noroaco as a victim, while not providing granular incident details in this excerpt.

The leak page shows no visual assets or downloadable content: there are zero images or screenshots, and no files or size metrics are reported. There is no explicit indication within the provided data of whether the attackers encrypted systems or simply leaked data, and no ransom amount is stated. With the post date serving as the temporal marker since a separate compromise date is not provided, the timeline remains unclear beyond the publication date. The presence of a defanged claim URL suggests a path for verification, but the available information does not reveal operational details or evidence beyond the victim’s identity and a generic business description.