Ransomware Group: KILLSEC

VICTIM NAME: Medswana

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the KILLSEC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns a healthcare organization named Medswana, located in Botswana. The attack was publicly disclosed on May 20, 2025, and appears to involve the theft and potential leak of sensitive information. The leaked data includes details about the organization’s employees and third-party associates, indicating that at least one employee’s information, along with data related to other third-party entities, may have been compromised. The attack is attributed to the threat group “killsec,” known for targeted intrusions and data theft within the cybercrime ecosystem. Visual evidence, such as a screenshot, shows internal documents or data snippets, emphasizing the severity of the breach.

The compromised data appears to involve infostealer activity, suggesting that the attackers used malicious tools to extract confidential information. The incident’s details include technical metrics, such as the number of stolen items and associated third-party domains, indicating a significant data breach. No explicit claim of PII exposure or the nature of the stolen information is provided, but the leak raises concerns about patient privacy and institutional cybersecurity. The leak page also features a link to a claim URL on the dark web, which is typically used by threat actors or victims for further communication or verification. The organization’s activity in the healthcare sector further underscores the potential impact on medical data confidentiality and institutional integrity.