Skip to content
RansomwareOngoing

Diamond: OneDrive and SharePoint documents leaked by the Gunra group

On 8 April 2026, the French metal-grating manufacturer Diamond was listed on the Gunra ransomware group's leak site, which claimed to have exfiltrated confidential OneDrive and SharePoint documents covering projects, clients and internal operations.

Victim
Diamond

On 8 April 2026, Diamond β€” a French manufacturer of metal gratings (caillebotis) for industry and construction β€” was named as a victim on the leak site of the Gunra ransomware group, which claimed to have stolen and begun publishing confidential corporate documents.

Gunra is a double-extortion ransomware operation first observed in April 2025 and built in part on leaked Conti code. Its affiliates exfiltrate data before encrypting systems, then threaten to publish the stolen files on a Tor-based leak site to pressure victims into paying. In this case, the group claimed to have extracted files directly from Diamond's Microsoft cloud collaboration environments β€” OneDrive and SharePoint.

The exposed data reportedly consists of internal documents typically held in those platforms:

  • Project files and engineering or design documents
  • Client-related records
  • Internal operational and business documents

The exact volume of stolen data has not been disclosed, and Diamond had not issued a public statement at the time of reporting. For an industrial manufacturer, the leak carries strategic and competitive risk. The incident remains ongoing, with the data appearing on Gunra's extortion leak site.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/diamond-les-documents-onedrive-et-sharepoint-divulgues-par-le-groupe-gunra/
  2. industrialcyber.cohttps://industrialcyber.co/ransomware/cyfirma-warns-of-gunra-ransomware-surge-targeting-critical-infrastructure-using-double-extortion-data-exposure/
  3. ransomlook.iohttps://www.ransomlook.io/group/gunra

Related incidents