Ransomware Group: REBORNVC

VICTIM NAME: unyleya[.]edu[.]br

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the REBORNVC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page details a cyberattack targeting Unyleya, a well-established educational institution in Brazil, specializing in digital and traditional education for over 18 years. The attack was discovered on July 8, 2025, and involved the theft of sensitive data including invoices, contracts, user information, and assignments. The attackers, identified as part of the group rebornvc, demanded a ransom of $10,000 to potentially prevent the public release of the stolen data. The breach resulted in the compromise of approximately 6,368 user records, alongside various internal assets. The incident highlights the ongoing risks faced by educational organizations handling valuable personal and institutional data.

The attack involved the deployment of multiple information-stealing malware strains, including Raccoon, RedLine, and Azorult, among others. These tools facilitated extensive data extraction from the victim’s systems, which may include confidential documents, financial records, and personal details. The page indicates that the hackers also exfiltrated administrative information and information related to third-party affiliates, totaling over 40 external domains. Notably, the leak page contains no visual content or screenshots but emphasizes the importance of cybersecurity defenses in protecting sensitive educational data. The incident underscores the vulnerabilities of institutions in the digital age and the critical need for robust security measures.