Ransomware Group: NITROGEN

VICTIM NAME: M’AR De AR Hotels

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NITROGEN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to M’AR De AR Hotels, a hospitality group based in Portugal that specializes in luxury accommodations primarily in the southern region of the country. The leak was discovered on April 25, 2025, and appears to have taken place on the same day. The hotel group emphasizes delivering personalized service, elegant design, and proximity to major tourist attractions. The breach was conducted by a known threat group associated with the “nitrogen” hacking collective, which is known for targeting organizations in various sectors. The leak includes a screenshot illustrating the compromised system, indicating that sensitive operational information may have been accessed or exposed. The incident highlights the ongoing cyber threats faced by the hospitality industry, which is increasingly targeted due to valuable customer data and operational details. No specific personal or employee data appears to have been leaked, but the exposure of internal information may have repercussions on the hotel’s reputation and security posture.

The leak page indicates the presence of download links, suggesting that attackers may have published stolen data for public access or sale. The information leaked could potentially include internal communications, business documents, or other proprietary data. The screenshot provided shows internal visuals that could give insights into system infrastructure or operational procedures, which malicious actors might exploit for future attacks. The attack was linked to the larger “nitrogen” hacking group that targets organizations for financial gain. The breach underscores the importance of strong cybersecurity measures in the hospitality sector to protect sensitive guest and operational data from cybercriminals. The victim’s online presence remains active, though the security incident may impact guest trust and business continuity if not properly managed.