Forum

RTechReview ForumCyber Security: Data Breaches and Hacks DiscussionLockBit Ransomware Attack on ESOP …

Please or Register to create posts and topics.

LockBit Ransomware Attack on ESOP Direct India – Data Leak Threat Reported

#1 · January 23, 2026, 10:16 pm

Quote from TechUpdater on January 23, 2026, 10:16 pm
The notorious ransomware group LockBit has claimed responsibility for a ransomware attack on ESOP Direct, an India-based professional services company, according to a post published on the group’s data leak site (DLS).

The incident was first observed on 30 December 2025, when LockBit allegedly listed esopdirect.com on its leak portal. The threat actors claim to have accessed internal systems and exfiltrated sensitive data, warning that the information will be publicly released if ransom demands are not fulfilled. As of now, no data files have been leaked publicly.

ESOP Direct specializes in equity compensation administration, ESOP valuation, and accounting services for startups and enterprises in India. Due to the nature of its business, any confirmed breach could potentially impact confidential corporate, financial, and employee-related information.

Attack Overview

Threat Actor: LockBit Ransomware

Attack Type: Ransomware with data extortion

Country Affected: India

Industry: Professional Services

Status: Data not yet published

Like many modern ransomware incidents, this attack appears to follow a double-extortion model:

Unauthorized access and data exfiltration

Ransom negotiation with the victim

Public disclosure threat via leak site to increase pressure

At the time of writing, ESOP Direct has not issued an official public statement, and technical details such as attack vectors, ransomware strain indicators, or indicators of compromise (IOCs) have not been shared.

Why This Matters

Ransomware attacks on professional services firms are increasing, as these organizations often store high-value client data. This incident highlights the importance of:

Strong endpoint and email security

Regular offline backups

Continuous monitoring for ransomware threats

Incident response and breach communication planning

The situation is actively being monitored, and updates will be shared if data is released or if official confirmation becomes available.

The notorious ransomware group LockBit has claimed responsibility for a ransomware attack on ESOP Direct, an India-based professional services company, according to a post published on the group’s data leak site (DLS).

The incident was first observed on 30 December 2025, when LockBit allegedly listed esopdirect.com on its leak portal. The threat actors claim to have accessed internal systems and exfiltrated sensitive data, warning that the information will be publicly released if ransom demands are not fulfilled. As of now, no data files have been leaked publicly.

ESOP Direct specializes in equity compensation administration, ESOP valuation, and accounting services for startups and enterprises in India. Due to the nature of its business, any confirmed breach could potentially impact confidential corporate, financial, and employee-related information.

Attack Overview

Threat Actor: LockBit Ransomware
Attack Type: Ransomware with data extortion
Country Affected: India
Industry: Professional Services
Status: Data not yet published

Like many modern ransomware incidents, this attack appears to follow a double-extortion model:

Unauthorized access and data exfiltration
Ransom negotiation with the victim
Public disclosure threat via leak site to increase pressure

At the time of writing, ESOP Direct has not issued an official public statement, and technical details such as attack vectors, ransomware strain indicators, or indicators of compromise (IOCs) have not been shared.

Ransomware Attack on ESOP Direct India

Why This Matters

Ransomware attacks on professional services firms are increasing, as these organizations often store high-value client data. This incident highlights the importance of:

Strong endpoint and email security
Regular offline backups
Continuous monitoring for ransomware threats
Incident response and breach communication planning

The situation is actively being monitored, and updates will be shared if data is released or if official confirmation becomes available.

LockBit Ransomware Attack on ESOP Direct India – Data Leak Threat Reported

Attack Overview

Why This Matters

Attack Overview

Why This Matters

Join the Conversation