Ransomware Group: INCRANSOM

VICTIM NAME: alpha-steuer[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to a German company specializing in financial advisory services, specifically tailored to healthcare professionals. The incident was publicly disclosed on May 16, 2025. The compromised organization, operating under the domain alpha-steuer.de, is one of the leading firms in its sector within Germany, employing over 200 experts and serving thousands of clients. The breach involved the exfiltration of approximately 400GB of data, which appears to include sensitive business information and internal documentation. The page features a screenshot of internal documents, suggesting that confidential data has been compromised and may be available for malicious actors or for sale. The threat group behind the attack is identified as ‘incransom,’ known for targeting organizations with significant data assets. No personal identifiers or PII of clients or employees are publicly visible on the leak page, which emphasizes the scope of the data breach rather than specific individuals. Additional details reveal that the affected company has reported the incident and that the leak could potentially impact client confidentiality and operational stability.

The leak page includes a screenshot of internal documents, indicating that sensitive business and operational data has been unlawfully accessed and published. Although no specific personal information is openly displayed, the exposure of internal records could pose future risks such as extortion, reputational damage, and operational disruptions. The cybercriminal group responsible, incransom, has made the data publicly accessible, potentially offering it for sale or malicious use. The targeted company is a prominent player in Business Services in Germany, with substantial revenue and a large workforce dedicated to health sector clients. The cyberattack underscores the increasing threat facing organizations handling sensitive business and client data and highlights the importance of robust cybersecurity measures to prevent and mitigate such breaches.