Ransomware Group: CLOAK

VICTIM NAME: Ws*******[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CLOAK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The displayed leak page pertains to a ransomware attack targeting an entity identified as “Ws*******.de.” The attack was publicly disclosed on July 7, 2025. Although the specific details of the incident, such as the nature of data compromised or the attack methodology, are not provided, the timestamp indicates this breach was identified and made available to the public on the same day as discovery.

The page appears to be part of a leak operation associated with a group called “cloak.” It does not include any visible screenshots, victim description, or detailed information about the attack’s impact. No additional context about the victim’s industry, country, or type of data affected has been included. The information shared is limited and does not specify whether sensitive data, such as personal or financial information, was compromised.

There are no available download links or evidence of leaked data visible in the current report. The absence of detailed information suggests either that the leak is minimal or that the contents are yet to be published or analyzed. Overall, this page signifies a ransomware incident with limited publicly disclosed details, underscoring the importance of ongoing monitoring for further updates or potential data disclosures related to the breach.