Ransomware Group: INCRANSOM

VICTIM NAME: ros[.]eu

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a company operating within the technology sector, specifically engaged in manufacturing components for conveying systems. The company, based in Germany, specializes in idler rollers, motor rollers, and related accessories, with an annual revenue of approximately $6.6 million and a workforce of 25 employees. The compromised data includes a substantial 450GB of information, potentially covering proprietary technical details, internal communications, and operational data. The announcement indicates that the breach was discovered on May 16, 2025, with the attack date recorded as the same day, suggesting immediate impact or effective detection. The leak may include sensitive business information, which could potentially affect the company’s operations or reputation. Digital evidence such as a screenshot of an internal document is available, illustrating the extent of data exposure.

The attackers appear to have gained access to confidential information stored within the victim’s systems, which could include design files, internal correspondence, or other proprietary data. The public disclosure includes a link to a blog post, indicating that the company’s data has been compromised and is now accessible through the dark web. Notably, the leak page showcases a screenshot of internal documents, possibly containing business strategies or technical schematics, though no explicit content details are provided. Public details, such as contact information and official website, are included to facilitate communication but do not reveal sensitive PII. The breach highlights the importance of cybersecurity measures for manufacturing firms operating in the digital age, particularly as they handle sensitive technical and business data that could be exploited if compromised.