High Unverified

EMTCO Ransomware Attack by m3rx (May 2026)

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Leak Site Screenshot

Leak site post claiming emtco.com data breach

Screenshot captured at time of discovery. Image blurred to protect victim PII.


Claim Summary

On May 3, 2026, the ransomware group known as m3rx allegedly posted a claim on its dark web leak site targeting EMTCO (emtco.com), operating as Engineered Machine Tool, Inc. The threat actor claims to have exfiltrated 180GB of data, comprising 698,000 files, from the Wichita, Kansas-based business services firm. According to the leak site, the attack occurred on May 3, 2026, and the group has posted a sample of the alleged stolen data. Yazoul Security has not independently verified this claim, and the victim organization has not issued a public statement as of this writing.

Threat Actor Profile

The group m3rx is a relatively obscure ransomware operation with limited public attribution. Based on available intelligence, m3rx appears to be a newer or smaller-scale threat actor, as no significant research references, known tools, or established victim counts are publicly documented. The group’s tactics, techniques, and procedures (TTPs) remain largely unknown, making it difficult to assess their operational maturity or credibility. Without a confirmed track record, the claim against EMTCO should be treated with heightened skepticism, as ransomware groups often exaggerate or fabricate attacks to pressure victims into negotiations. No YARA rules or detection guidance specific to m3rx are currently available.

Alleged Data Exposure

The threat actor claims to have stolen 180GB of data, including 698,000 files, from EMTCO’s network. The leak site allegedly includes a sample of the data, though Yazoul Security has not reviewed its contents. The claimed data volume suggests a broad compromise, potentially encompassing proprietary engineering designs, client contracts, employee records, financial documents, and operational data related to EMTCO’s custom machinery and automation systems. Given EMTCO’s specialization in Automatic Storage and Retrieval Systems and Large Tool Palletizing Systems, any exfiltration could include sensitive intellectual property and client-specific manufacturing specifications.

Potential Impact

If the claim is verified, the impact on EMTCO could be significant. As a provider of custom machinery and tooling since 1987, the company likely holds proprietary designs and trade secrets that are critical to its competitive advantage. Exposure of client data could lead to contractual breaches, reputational damage, and potential legal liabilities. Additionally, the theft of operational data may disrupt ongoing projects and installation schedules. For EMTCO’s clients in the manufacturing sector, there is a risk of supply chain exposure if their proprietary information was included in the breach. The group’s demand for ransom, if any, has not been disclosed.

What to Watch For

Yazoul Security recommends monitoring for the following developments:

  • EMTCO’s official response, including any confirmation or denial of the breach.
  • Further posts from m3rx on their leak site, including additional data samples or a full data dump.
  • Indicators of compromise (IOCs) associated with m3rx, which may emerge as security researchers analyze the claim.
  • Any ransom negotiations or payment demands that could confirm the group’s operational status.
  • Potential secondary attacks targeting EMTCO’s clients or partners if the stolen data is weaponized.

Disclaimer

This report is based solely on an unverified claim posted by the ransomware group m3rx on their dark web leak site. Yazoul Security has not independently confirmed the attack, the data exfiltration, or the identity of the victim. Ransomware groups routinely exaggerate or fabricate claims to pressure victims into paying ransoms. All information should be treated as preliminary and subject to change upon verification. No PII, download links, data samples, credentials, or .onion URLs are included in this report. For further intelligence, please refer to Yazoul Security’s dark web monitoring resources at /intel/.
