Ransomware Group: INTERLOCK

VICTIM NAME: Kalamazoo Public School District

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INTERLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the Kalamazoo Public School District, located in the United States. The district oversees 25 public schools and provides educational services ranging from preschool to high school, including adult education and special programs aimed at fostering academic success and personal growth. The leak was discovered on May 23, 2025, indicating a recent security incident affecting this educational institution. The page features a screenshot showing internal documents, which may contain details of the breach or compromised data, but these have been sanitized to exclude any sensitive information. The leak highlights the district’s involvement in an attack by a group named “interlock,” which specializes in data theft using various infostealer tools. Notably, the group operates multiple infostealers, such as RedLine and Lumma, with a total of 57 users involved, indicating a substantial operation. The breach details also include the presence of data related to several third-party entities. The incident underscores the importance of cybersecurity within educational institutions, as sensitive information and operational integrity are at risk.

The leak page provides a link to a claiming URL on the dark web, where further details or stolen data may be accessible. No personally identifiable information or PII related to students, staff, or administrators is included in this sanitized report. The inclusion of a screenshot suggests that there may be evidence of data exfiltration or internal documents compromised during the attack. The incident demonstrates the vulnerability of public educational institutions to cyber threats, emphasizing the need for robust security measures and proactive defenses to protect sensitive data and ensure continuity of services.