[OBSCURA] – Ransomware Victim: Thompson Dorfman Sweatman

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the OBSCURA Onion Dark Web Tor Blog page.

Ransomware group: OBSCURA
Victim name: THOMPSON DORFMAN SWEATMAN

AI Generated Summary of the Ransomware Leak Page

Thompson Dorfman Sweatman, a Canadian law firm operating in the Business Services sector, is identified as the victim on the leak page. The page frames the incident as a data-leak event rather than an encryption-only breach and lists approximately 250 GB of data claimed stolen from the firm’s network. The post cites a revenue figure of $31.2kk and marks the status as Pending, with a countdown showing about eight days remaining from the post date (Time Left: 8d 3h 57m 25s). A claim URL is indicated as present, providing a channel for potential negotiations. The entry contains no images or screenshots (images_count is 0). The excerpt also includes a marketing description of Thompson Dorfman Sweatman LLP, laying out the firm’s stated values and approach to client service. The post date appears as 2025-10-30 20:42:35.174828, and since no explicit compromise date is provided, this timestamp is treated as the post date for reporting purposes.

Notes for incident analysts: The data-leak page treats the attack as a data-exfiltration incident with 250 GB claimed stolen. There is no explicit ransom amount shown in the excerpt; the page’s Pending status and the presence of a claim URL suggest an escalation path or potential ransom negotiation, as is typical in ransomware operations. The page contains no media attachments, limiting direct evidence of the data types involved. The victim is Canada-based and operates in the Business Services sector. Because a compromise date isn’t disclosed, the post date 2025-10-30 20:42:35.174828 is used as the reference timestamp for this write-up.
