[BLACKNEVAS] – Ransomware Victim: Trojan Construction & Holding Group

AI Generated Summary of the Ransomware Leak Page

On October 21, 2025 at 13:06:37, a leak page attributed to the ransomware group blacknevas claimed a breach of Trojan Construction & Holding Group, a UAE‑based construction company with a broad project portfolio. The post frames the incident as a data-leak event rather than a pure encryption incident and asserts that more than 3 terabytes of project and financial reporting data from 2024–2025 were exfiltrated. To illustrate the scale, the page provides a defanged link to a file-sharing site: hxxp://gofile[.]io/d/4Uf42V. A contact email is listed for those interested in purchasing the data; in this summary, that address has been redacted. The leak page also offers background context describing Trojan Construction & Holding Group as a major Abu Dhabi–based contractor, though the focus for this summary remains on the victim entity. The post date is 2025-10-21 13:06:37, and no explicit compromise date is provided on the page, so this timestamp is treated as the post date.

Regarding visuals, the leak entry contains no screenshots or images; it relies on textual claims plus the defanged data link and a sales invitation. The primary claim is the exfiltration of over 3 TB of 2024–2025 project and financial reporting data, with no ransom amount disclosed on the page. This presentation aligns with common ransomware double-extortion patterns in which attackers monetize stolen data and offer samples for sale. The contact channel for negotiations is redacted in this summary. The page remains focused on the victim entity, and any other corporate names that appear in the surrounding text are outside the scope of this summary. Readers should treat this as a data-leak incident and consider independent verification of the dataset’s scope, provenance, and potential impact on operations and risk management.