Ransomware Group: INCRANSOM

VICTIM NAME: finanzconsult-immobilien[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to a financial services company operating in Germany, identified by the domain finanzconsult-immobilien.de. The attack was publicly disclosed on May 16, 2025, with the incident details appearing approximately seven hours later. The compromised data includes sensitive project information related to land development and real estate planning, specifically involving a project with an estimated revenue of $15 million and an affected data volume of 20GB. Evidence suggests that attackers gained access to internal business operations, potentially including confidential architectural and legal data, which could impact ongoing and future projects. The leak highlights the importance of cybersecurity in the financial and real estate sectors, emphasizing the need for robust protection measures to prevent unauthorized data access. The leak’s screenshot shows an internal system interface, indicating a breach of internal systems and data exfiltration.

The attackers have provided a claim URL, which appears to be an onion address, indicating the leak’s presence on the dark web. The incident is part of a broader ransomware campaign targeting organizations with valuable economic and project data. The publicly available information also includes a contact phone number and a reference to additional data related to employees and third-party services, though these details appear limited or anonymized. No personally identifiable information of individuals is disclosed. The breach underscores the critical need for enhanced cybersecurity protocols within the financial and real estate development industries to mitigate future risks and safeguard sensitive corporate information.