A post naming viennaairport.com and an APT73/Bashe-linked ransomware claim shows how quickly extortion branding can outrun proof.
A public ransomware label tied to Vienna Airport shows why leak-site posts should be treated as pressure events first, and proof only after technical confirmation.