Imagine arriving at the office one day only to discover that you can’t access your documents, contracts, or administrative systems. Your operations are halted—and worse—a cybercriminal group announces it has stolen hundreds of thousands of sensitive company files. That was the reality for Manesa, a major Mexican auto parts and metalworking company that exports to major brands such as Apple, Google, General Motors, Ford, BMW, Chrysler, Audi, Philips, and Osram.
The attack was attributed to the ransomware group INC Ransom, one of the world’s most active. On its dark web portal, the group claimed to have exfiltrated over 315,000 files, nearly 90 GB of critical data, including contracts, international client records, employee files, and financial information. They gave the company three days to pay the ransom before leaking everything.
Ransomware isn’t just about encrypted documents. The consequences go much further:
In Manesa’s case, the most alarming part was the exposure of recent operational information. Among the files the hackers leaked as a “proof of life” were internal minutes from January 2025, accident metrics, production plans, customs data, accounts receivable, and legal records. In other words, this wasn’t old data—it was current and active.
The attack could affect administrative operations and open up risks of fraud and massive leakage of confidential information. (Source: Ignacio Gómez Villaseñor)
Manesa (Manufacturas Estampadas S.A. de C.V.) is a Mexican company founded in 1988 in Chihuahua. It currently operates three industrial plants with around 450 employees and annual sales of over $64 million USD. Its specialty lies in metal stamping, die-making, painting, and industrial welding—critical activities for both the automotive and tech industries.
That such a strategic player was compromised is no small matter. Manesa is embedded in global supply chains, exporting components that end up in consumer electronics and vehicles worldwide. The attack not only affects Manesa but could also ripple through its clients and suppliers across multiple countries.
INC Ransom emerged in 2023 and quickly became one of the most aggressive cybercrime groups. According to international cybersecurity firms:
Manesa’s appearance on their victim list doesn’t surprise analysts—but it highlights a broader truth: even companies working with top-tier global clients are vulnerable without robust cybersecurity strategies.
The company has 450 employees and annual sales of more than 64 million dollars. (Source: INC Ransom)
Several common weaknesses lead to ransomware compromises:
The criminals gave Manesa three days to respond, but it’s unclear whether the company negotiated. This reflects the difficult choice ransomware victims face:
Authorities and cybersecurity experts—including TecnetOne—strongly advise against paying. Ransoms only finance further attacks. The best strategy is prevention and having a solid contingency plan.
INC Ransom is one of the most active ransomware groups, with global attacks on critical sectors since 2023. (Source: Ransomware Live)
Despite its severity, this incident holds lessons for any company—regardless of size or sector:
At TecnetOne, we know that a ransomware attack affects more than just systems—it impacts operations, finances, and reputation. That’s why we offer:
The Manesa case is a clear warning: no one is safe from ransomware. In globally interconnected supply chains, one breach can cause a domino effect across industries.
The question is no longer if your company will be targeted, but when. At TecnetOne, we help ensure your answer is clear: You’ll be ready to resist, respond, and recover—without giving in to blackmail.