Ransomware Group: INCRANSOM

VICTIM NAME: The Kingdom of Tonga’s Ministry of Health

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak involves the Ministry of Health of the Kingdom of Tonga, a critical entity within the country’s public sector. The attack was publicly disclosed on June 27, 2025, approximately a day after the attack date of June 26, 2025. The leak is hosted on an anonymous onion site, suggesting an effort to conceal the identity of the perpetrators. The compromised data is believed to contain sensitive information related to Tonga’s health system, which includes central hospitals, health centers, and community services, and is vital for managing public health challenges such as non-communicable diseases and infectious illnesses. The disclosure emphasizes the severity and potential impact on public health services.

The leak page does not specify the exact nature of the data compromised but mentions that the information has been made accessible via a concealed web link. The health system of Tonga faces ongoing issues such as rising rates of diabetes, obesity, cardiovascular diseases, cancers, and persistent communicable diseases like tuberculosis and sexually transmitted infections. The incident underscores the cybersecurity vulnerabilities in the health sector of small island nations and raises concerns about the exposure of confidential health data. Although the leak’s detailed contents are not publicly disclosed, the presence of a claim URL indicates an active effort to publicize the breach. Visual evidence such as screenshots is not provided, but the incident highlights the importance of robust cybersecurity measures in protecting sensitive health information.

The attack’s discovery on June 27 and subsequent publication suggest a focused attack aimed at disrupting health services or demonstrating the breach’s seriousness. The ongoing threat of ransomware attacks on government health departments worldwide necessitates heightened security protocols. This incident reminds organizations within the public health sector to strengthen their cybersecurity frameworks to prevent potential information theft or operational disruptions that could jeopardize public health efforts, especially in vulnerable regions like Tonga.