Serap: ransomware with 50 GB of data threatened
French manufacturer Serap, the world's leading maker of farm milk cooling tanks, was hit by an Akira ransomware double-extortion attack disclosed on 2 April 2026, with the group threatening to publish around 50 GB of stolen internal data.
- Victim
- Serap
On 2 April 2026, Serap β a French family-owned industrial group based in Mayenne and the world's leading manufacturer of farm milk cooling tanks β was named as a victim by the Akira ransomware operation. The group claimed to have breached Serap's network and to be holding roughly 50 GB of exfiltrated internal data, which it threatened to publish if a ransom was not paid.
The attack follows Akira's typical double-extortion pattern, combining file encryption with data theft. Akira has been one of the most active ransomware groups targeting French small and mid-sized industrial companies in 2025β2026, frequently gaining initial access through exposed or unpatched VPN appliances. The specific entry point used against Serap has not been publicly disclosed.
According to the threat actor's claims, the stolen archive includes:
- HR records and employee personal information
- Client files covering contracts in more than 80 countries
- Financial records and payment details
- Non-disclosure agreements (NDAs)
- Internal project documentation
As of disclosure, the incident remained ongoing: Akira was using the threat of public data publication to pressure Serap into negotiation. If the data is leaked, it could expose strategic commercial information and create downstream risks for the company's employees, clients and business partners across its international operations.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/serap-ransomware-avec-50-go-de-donnees-menaces/
- groupeserap.frhttps://www.groupeserap.fr/tank-a-lait_serap-group_a-propos.phtml