Cyber Incident Victim: Excis
Date: May 2020
Location: Denmark
Summary
The Sekhmet ransomware group attacked an international IT firm, Excis, claiming significant impact and criticizing its IT management's professionalism while threatening further attacks. The attackers leaked partial data archives, withholding passwords pending ransom payment, and warned of contacting the firm's clients regarding exposed unprotected data on its servers.
Description
On May 30, 2020, the Sekhmet ransomware group publicly claimed responsibility for a significant cyberattack against Excis, an international IT firm. The attackers announced the breach on their dedicated leak site, stating they had compromised the company "very hard" and criticized the professionalism of Excis's IT management, specifically naming Kunal Amodkar. Sekhmet operators asserted that Excis's infrastructure contained critical vulnerabilities they exploited, mocking the company's advertised cybersecurity services—including securing banks, military sites, firewalls, and penetration testing—which contrasted sharply with the breach. As proof of compromise, the group released two password-protected archives containing a "big part" of Excis's data, justifying this action by quoting director Finn Lyskov's alleged dismissal of the stolen data's importance. Sekhmet threatened to release the archive passwords within 24 hours if their unspecified ransom demands remained unmet, intensifying pressure on the victim.

The attackers escalated their campaign by naming undisclosed corporate clients of Excis, warning they would notify these entities that their data had been stored "completely unprotected" on Excis servers. This tactic aimed to amplify reputational damage and operational disruption beyond Excis itself. No public statements, incident notifications, or service disruptions appeared on Excis's official channels following the attack. DataBreaches.net reported attempting to contact Excis for comment on the night of May 29, but had received no response by publication time on May 30. The ransomware group’s claims remained unverified by independent sources, leaving the full scope of data exposure, operational impact, and financial consequences unconfirmed. Sekhmet’s threat to continue attacking Excis indicated persistent targeting rather than a single intrusion event.
