Ransomware Group: BERT

VICTIM NAME: Columbia TI

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BERT Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page does not specify a detailed attack date, but records indicate that the incident was discovered on June 5, 2025. The affected entity is identified as Columbia TI, a company involved in providing IT solutions including cloud services, cybersecurity, and infrastructure to support digital transformation initiatives in Brazil. The leak includes a screenshot displaying internal information, suggesting that sensitive technical or internal documents may have been compromised. Although no specific types of data are detailed, the leak’s visual evidence hints at possible exposure of confidential infrastructure or operational data. This incident highlights the importance of robust cybersecurity measures for organizations operating in critical sectors. Download links or leaks of data could potentially be available through the claim URL, which is accessible via the dark web.

The compromised entity’s activities are primarily within the IT solutions sector, with a focus on digital innovation and security. The leak page emphasizes the breach’s significance and shows evidence of the attacker’s access to internal information. The inclusion of a screenshot underscores the seriousness of the breach, although specific contents or sensitive details have been redacted to maintain privacy. The attack date suggests the incident occurred several days before discovery, emphasizing the need for proactive threat detection and response measures. The event underscores the ongoing risk faced by organizations involved in technology and cybersecurity services, especially in regions with developing infrastructure strategies like Brazil.