Ransomware Group: LOCKBIT3

VICTIM NAME: ehlers-inc[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LOCKBIT3 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns a notable municipal advisory firm based in the United States, which provides public finance solutions across several states including Minnesota, Wisconsin, Colorado, Illinois, and Kansas. The attack was publicly disclosed on May 6, 2025, when the attack activity was detected. The firm’s domain, ehlers-inc.com, was compromised in this incident. The leaked information suggests that sensitive internal data may have been accessed or exfiltrated, although specific contents are not detailed here. The page includes a screenshot of some of the leaked data, which appears to contain internal documentation, but explicit sensitive details are not disclosed in this report. No personally identifiable information or confidential client data are included in this summary.

The attack is attributed to the LockBit 3.0 ransomware group, a notorious cybercriminal organization known for targeting organizations with ransomware extortion campaigns. The incident was discovered shortly after the attack, on May 6, 2025, indicating prompt detection. Evidence shows that the attack involved infostealing activities, potentially compromising internal corporate information, but no indications of third-party data breaches or employee-specific data are reported. The incident underscores the increasing sophistication of cyber threats targeting public and private sector entities and highlights the importance of cybersecurity measures to protect sensitive institutional data. Additional data leaked or available for download was not specified, and there are no public details about the exact type or volume of data affected.