RansomEXX attacks DVision Architecture

Incident Date:

July 3, 2023

World map



RansomEXX attacks DVision Architecture


DVision Architecture




Brescia, Italy

, Italy

First Reported

July 3, 2023

RansomEXX Ransomware Gang Attacks DVA - DVision Architecture

The RansomEXX ransomware gang has attacked DVA - DVision Architecture. DVision Architecture is an architectural firm that specializes in designing and planning architectural projects. DVA focuses on creating innovative and sustainable designs that meet its client's unique needs and aspirations. RansomEXX posted DVision Architecture to its data leak site on July 3rd but provided no further details.

The Evolution of RansomEXX

RansomEXX, originally known as Defray777 when it first emerged in 2018, gained significant attention in 2020 due to its involvement in high-profile attacks targeting government agencies and manufacturers. The ransomware variant was renamed RansomEXX after discovering the string "ransom.exx" in its binary code. In the same year, the group behind RansomEXX established a leak site to publish the stolen data they obtained. Even today, RansomEXX remains an active player in the realm of ransomware, alongside other variants such as LockBit and Conti.

Impact and Notable Attacks

Similar to these groups, the operators of RansomEXX have shown no hesitation in publicly exposing the data they steal from their victims. They have targeted government agencies and even disclosed sensitive information stolen from them. A notable example occurred in March 2022 when they attacked a Scottish mental health charity, releasing 12GB of data, including personal information and credit card details belonging to the charity's volunteers.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.