HackerFeeds
All ransomware incidents
cili.lt

Ransomware group blacknevas hits CILI

MEDIUM
·Hospitality and Tourism·LT·2025-07-02

CILI — a hospitality and tourism target operating in LT has been listed by the blacknevas ransomware group on 2025-07-02. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationCILI
Threat Group
blacknevas
Summary"cili.lt" is associated with Čili, a restaurant chain that operates in Lithuania and Latvia. It started as a pizza restaurant and has since expanded into various areas, including bistros, traditional Lithuanian-style restaurants, Chinese restaurants, coffee shops, and drive-ins. The website allows users to order pizza from Čili Pizza. Additionally, there is a mobile app available for ordering, which offers exclusive discounts.In stock, the database containing customer data, addresses, mail, mobile phones, shopping history and banking card
Date of Breach2025-07-02
Discovery Date2025-08-06
RegionLT
Target Domainwww.cili.lt
Business SectorHospitality and Tourism
Severity
MEDIUM

Claim by blacknevas

"cili.lt" is associated with Čili, a restaurant chain that operates in Lithuania and Latvia. It started as a pizza restaurant and has since expanded into various areas, including bistros, traditional Lithuanian-style restaurants, Chinese restaurants, coffee shops, and drive-ins. The website allows users to order pizza from Čili Pizza. Additionally, there is a mobile app available for ordering, which offers exclusive discounts.In stock, the database containing customer data, addresses, mail, mobile phones, shopping history and banking card

Posted by the blacknevas threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

www.cili.lt

Leak post (onion / Tor)

tor

http://ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion/publications/details/6e43dbb1-dc04-4fd1-a380-b755cf4a38d2

Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.