[DRAGONFORCE] – Ransomware Victim: G[.] Hauswirth Architects

AI Generated Summary of the Ransomware Leak Page

On November 3, 2025, a leak post attributed to the ransomware group DragonForce claims to have compromised G. Hauswirth Architects, a firm in the Construction sector. The post presents the incident as a data-leak rather than a purely encrypted outage, signaling that sensitive data was exfiltrated from the victim’s network. The publication date aligns with the leak’s post date, and the page provides a claim URL for further negotiation or messaging, which is a common feature in ransomware leak sites. The post includes 24 attached images, described broadly as screenshots or internal documents, suggesting a gallery of stolen content rather than a single downloadable dataset. Notably, the post does not disclose an encryption status or a ransom amount within the text.

The leak page references multiple image attachments hosted with links that resemble onion (Tor) destinations, a detail that aligns with the attackers’ tendency to circulate stolen material via private channels. The overall page content appears to follow a standard leak-site format, with a CSS/branding fragment present in the body excerpt and a gallery of internal-material images as the primary evidence of the breach. There is no explicit ransom figure shown in the post, and no downloadable payload is indicated beyond the image gallery. This combination—data-leak framing, a 24-image attachment set, and a claim URL—fits the ransomware-leak pattern typical of double-extortion campaigns and underscores the ongoing risk to construction-sector firms handling sensitive project data.