Richmond Plywood Ransomware Claim by secpo (April 2026)
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
Claim Summary
The ransomware group known as secpo has posted an unverified claim of a cyberattack against Richmond Plywood Corporation Limited, a manufacturing firm based in Canada. According to the group’s leak site, the alleged intrusion occurred on April 14, 2026. The threat actor claims to have exfiltrated a significant volume of data, stating the total extracted data amounts to approximately 1.09 terabytes, comprising over 522,000 files. They further allege that a filtered subset of 230GB contains information referencing more than 2,500 individuals and 4,000 organizations.
Threat Actor Profile
The secpo ransomware operation is a relatively unknown entity with a limited public footprint. There is no significant public research or intelligence reporting available on this group at this time. Their total number of known victims, preferred initial access vectors, specific malware tools, and tactics, techniques, and procedures (TTPs) are all currently undocumented. The lack of a known track record makes it difficult to assess their operational maturity or the typical credibility of their claims. As no YARA rules, detection signatures, or specific tooling are publicly associated with secpo, defenders should prioritize general ransomware hygiene and monitoring for anomalous data egress.
Alleged Data Exposure
Based solely on the group’s claims, the alleged data breach is substantial in volume. The threat actor purports to have taken 1.09TB of data. While the exact nature of the files is not specified, the claim that the data references thousands of individuals and organizations suggests it may include sensitive business documents, financial records, customer and partner information, employee data, and proprietary manufacturing details. The “filtered” data set of 230GB is likely what the group deems most valuable or damaging for extortion purposes.
Potential Impact
If the claim is valid, the potential impact on Richmond Plywood could be severe. A data leak of this alleged scale could disrupt operations, compromise sensitive business intelligence and trade secrets, and violate data privacy regulations. Exposure of personal information for 2,500+ individuals could lead to significant regulatory fines and erode trust with employees and partners. For a manufacturing firm, the theft of proprietary designs, process details, or supply chain data could undermine competitive advantage.
What to Watch For
Monitor for any official statement from Richmond Plywood Corporation Limited regarding a cybersecurity incident. Watch the secpo leak site for potential follow-up posts, such as sample data releases or increased extortion pressure, which may provide more clues about the claim’s validity. The cybersecurity community should be alert for any new information linking the “secpo” name to specific malware, infrastructure, or attack patterns that could help validate this and future claims.
Disclaimer
This report is based on an unverified claim from a ransomware group’s data leak site. Yazoul Security has not independently confirmed the alleged attack, data breach, or the contents of the leaked data. The details presented, including data volume and victim impact, are solely the claims of the threat actor. Ransomware groups frequently exaggerate their claims to coerce victims into paying ransoms. This information is provided for situational awareness and defensive intelligence purposes only.