Ransomware Group: INCRANSOM

VICTIM NAME: nissi-beach[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Nissi Beach Resort, a prominent hospitality establishment located in Ayia Napa, Cyprus. The resort has earned a reputation as a premier vacation destination, attracting numerous visitors throughout the year. The compromised data includes sensitive information related to the company’s operations, with a significant volume of approximately 400 gigabytes. The attack date is recorded as May 16, 2025, and the breach has exposed internal information that could impact both the organization’s reputation and operational security. Reportedly, the threat actors have listed the leak on their dark web platform, providing access to leaked data through their claim URL. Visual evidence of the attack includes a screenshot indicating the extent of the data breach.

The leak involves details about the company’s revenue, employee count, industry type, and contact information, including phone numbers. No specific personal employee data or internal passwords are disclosed publicly. The incident highlights the vulnerabilities within the hospitality sector, especially for businesses handling substantial guest information and revenue. Cybercriminal groups like incransom are responsible for this breach, aiming to disrupt operations and possibly extort the organization. Additionally, while no direct communication with the victim appears to be included, the leak’s public presence suggests ongoing risks related to data exploitation. The publicly available screenshot underscores the seriousness of the breach, which could lead to further malicious activities or victim targeting if not properly contained.