Unsafeleak attacks The Chedi Muscat

Incident Date:

December 22, 2022

World map



Unsafeleak attacks The Chedi Muscat


The Chedi Musca




Muscat, Oman

, Oman

First Reported

December 22, 2022

The Unsafeleak Ransomware Attack on The Chedi Muscat

The Unsafeleak ransomware gang has attacked The Chedi Muscat. The Chedi Muscat is a 5-star hotel and resort located in Muscat, the capital city of Oman. It was designed by Jean-Michel Gathy, a renowned architect, and opened its doors in 2003. Located on the Gulf of Oman, surrounded by the Hajar Mountains, the hotel quickly established itself as one of Oman’s premier hotels.

Initially, the hotel was managed by the Singapore-based GHM (General Hotel Management) group. GHM was known for its expertise in operating luxury hotels and resorts around the world. In 2012, GHM’s sister company, The Chedi Management Company (TCMC), took over. The hotel is on a 21-acre plot, boasting 158 guestrooms and villas, 6 restaurants, a 103-meter-long swimming pool, a health club, and a Balinese spa.

Details of the Attack

Unsafeleak posted The Chedi Muscat to its data leak site on December 22nd but did not disclose how much data they stole or what they demanded as ransom. Unsafeleak is a relatively new ransomware gang, first appearing in December 2022, which recycles leaks from other ransomware groups. Unsafeleak provides security blogs for cybercriminals to post victims and leaked data, as well as paid-for consultation services. As it stands, very little is known about the group.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.