Ransomware Group: HANDALA

VICTIM NAME: Ivri, Kerner & Co

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the HANDALA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page reports that the legal firm Ivri, Kerner & Co has been compromised on July 2, 2025. The attack has been publicly claimed as part of a campaign under the group name “handala.” The page criticizes the organization, describing it as a supposedly reputable pillar of legal integrity that has fallen victim to cyber intrusion. The incident appears to involve a breach of their security systems, exposing sensitive or confidential information. The leak aims to highlight issues of privacy and trust in legal institutions, suggesting that their encrypted vaults and protected data have been breached or compromised. The page includes a screenshot of the incident, emphasizing the severity of the breach.

The leak contains visual evidence, such as a screenshot linked on the page, which likely shows internal documents or details related to the attack. The attackers refer to themselves as witnesses of injustice and have claimed responsibility for exposing the organization’s security failure. Although specific details about the type of data leaked or the extent of the breach are not provided, the announcement underscores a significant compromise targeted at a notable Israeli firm. The incident raises concerns about cybersecurity vulnerabilities in professional and legal sectors, especially those holding sensitive or privileged information. The target organization was operating within Israel, and the breach date aligns with the announcement timestamp.