[SINOBI] – Ransomware Victim: SANHUA INTERNATIONAL

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

Ransomware group: SINOBI
Victim name: SANHUA INTERNATIONAL

AI Generated Summary of the Ransomware Leak Page

SANHUA INTERNATIONAL is identified as the victim in a ransomware leak post attributed to the Sinobi group. The company operates in the manufacturing sector and is based in China. The post date is 2025-10-21 18:17:21.678000; since no compromise date is provided, this is treated as the leak post date. The leak page centers on SANHUA INTERNATIONAL’s business profile rather than explicit breach details, highlighting eco-friendly refrigeration and air conditioning components designed to operate with natural refrigerants such as R290, R600a, and R744. It lists components including valves, controllers, transducers, filter driers and micro-channel heat exchangers, and frames these offerings as aligned with U.S. EPA mandates for greener refrigeration solutions, noting a North America introduction at the 2017 AHR Expo in Las Vegas.

Impact and ransom specifics are not explicitly stated in the provided data. The leak page shows no screenshots or downloadable files (images_count and downloads_present are both zero) and provides no stated ransom amount (income_or_ransom is empty). A claim URL is present on the page (defanged in this summary), but the actual address is not included here. There is no direct evidence in the dataset to confirm whether encryption or data exfiltration occurred; the post appears to emphasize SANHUA INTERNATIONAL’s product portfolio rather than detailing a breach, leaving the exact nature of the incident and its impact undetermined based on the information given.
