Dyhrberg AG Switzerland Listed by Deadlock Ransomware Group
N/A
On July 10, 2026, Swiss wealth management firm Dyhrberg AG appeared on the leak site of the Deadlock ransomware group, with the attackers claiming to have exfiltrated internal files following a ransomware incident.
Confirmed Facts from Reporting
Public reporting indicates that Deadlock posted a listing for Dyhrberg AG on its dark web leak portal. The entry references data described as internal files taken from the firm’s systems. No exact victim count has been disclosed, and the precise volume or sensitivity of the material remains unconfirmed by independent third parties. The listing follows the group’s standard pattern of publishing samples or announcements after an initial extortion window passes. Available reporting describes the incident as a ransomware attack that combined encryption with data theft, a dual approach now common in this category of crime.
Why This Matters for You and Your Family
When a financial services company like Dyhrberg AG loses control of internal files, the ripple effects reach ordinary people. Client records, correspondence, account details, or supporting documentation can contain names, addresses, dates of birth, phone numbers, email addresses, and financial references. If your data was among the records, it can be sold, swapped, or used to launch further attacks against you. Families often discover the consequences only after identity theft appears on credit reports or unexpected login attempts hit their accounts. The breach underscores that even mid-sized European financial firms handling everyday client wealth are now routine targets.
The Doxxing and Identity-Chain Risks
Stolen internal files frequently contain more than isolated records. They can link email addresses to client names, phone numbers to physical addresses, and sometimes tie those identities to account numbers or transaction histories. Attackers and subsequent buyers then combine this information with data from earlier breaches to build detailed profiles. A single exposed email can lead to credential-stuffing attempts across banks, email providers, and social media. When children’s information appears in the same datasets — such as guardianship records or family-linked accounts — the chain extends to their digital footprints as well. Credential leaks of this nature routinely cascade into gaming account takeovers, where attackers use stolen logins from one service to seize control of Steam, Roblox, or Epic accounts that share passwords or recovery emails.
Deadlock Ransomware Group Track Record
Public reporting attributes Deadlock’s emergence to late 2023. The group has since listed dozens of organizations across manufacturing, technology, professional services, and finance. Notable prior victims named in open sources include companies in the United States, Europe, and Latin America, though exact details vary by report. Their typical playbook begins with initial access gained through phishing, remote desktop protocol weaknesses, or stolen credentials. Once inside, they exfiltrate selected directories before deploying ransomware. Extortion follows a double-pressure model: first demanding payment to prevent file encryption, then threatening to publish stolen data on their leak site if the victim does not pay a separate ransom. Deadlock maintains an active onion site where it posts victim names and sample data when negotiations fail.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity so you can see the exposure created by this and earlier breaches.
- Rotate any password you used at Dyhrberg AG or related financial portals anywhere it has been reused, and switch on two-factor authentication through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak that touches your family is flagged within hours instead of months.
- Cover the household with DoxxScan family protection that includes dependents and children’s gaming accounts, which often become targets when credential leaks chain back to a shared family address or recovery email.
- Let remediation specialists handle the follow-up work, including takedown requests to data brokers and monitoring for any reappearance of the stolen Dyhrberg AG files.
The incident shows that financial data held by specialized firms can surface on ransomware leak sites with little warning. Taking concrete steps now limits how far attackers can travel down the identity chain that begins with this breach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that explicitly protects children’s gaming accounts from the kind of credential-based takeovers this incident can trigger.
Related breaches
Bombas Ideal Listed by Deadlock Ransomware Group
Bombas Ideal is a Spanish manufacturer established in 1902 specializing in water pumps and pressure …
Ring Textile Production RTP SRL Listed by Deadlock Ransomware Group
rtpbz.ro is the official domain for Ring Textile Production RTP SRL, a Romanian textile manufacturin…
Bridgeport S.p.A. Listed by Deadlock Ransomware Group
Bridgeport a leading Italian manufacturing company specializing in the production of valves for air,…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →