Simulation note: This mini-site is a controlled teaching artefact for the fictional case study The LotusCare Breach.
It is designed to mimic common patterns in ransomware “leak sites” and related chatter while avoiding any real dark-web access
and any illegal material.
Victim Listing: LotusCare Services (AU)
Status
Negotiation failed First tranche scheduled
Claimed volume
1.2 TB (unverified)
Deadline
96 hours (operator claim)
Jurisdiction note
AU High public scrutiny
Ransom Note (excerpt)
YOUR FILES HAVE BEEN ENCRYPTED.
Payment required in Bitcoin. Deadline: 96 hours before publication.
Demand is set at 2.8% of projected annual revenue (operator claim).
Window pricing: 0–24h: 8 BTC • 24–48h: 10 BTC • 48–72h: 12 BTC (then +15% per 24h).
If you ignore: we publish proof pack and then full archive in parts.
No games. No delays. We will answer only serious messages.
Study cue: treat this as untrusted. Evaluate which parts are likely signalling vs evidence.
“Proof Pack” Claims
Operators often list file names and counts. These can be authentic, fabricated, or copied from older incidents.
| Item | Claim | Red flags to notice |
|---|---|---|
| Client Services export LC-ClientServices_Export_2026-03-12.xlsx |
118,402 rows (clients + service interactions) | Timestamp uses UTC but other items use AEST. Naming style differs from other files. |
| HR payroll archive HR_Payroll_FY25-FY26.zip |
2,913 PDFs (payslips + contracts) | FY labels inconsistent with AU financial year conventions. |
| Board minutes Board_Minutes_Q4_2025.docx |
43 pages | Quarter designation “Q4” may not match internal governance terminology. |
| Community intake notes IntakeNotes_CommunitySupport_*.pdf |
9,xxx files | Rounded counts can indicate estimation rather than enumeration. |