Ransomware Group: INCRANSOM

VICTIM NAME: Majestic

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a victim identified as “Majestic,” located in the Philippines. The breach was publicly disclosed on July 9, 2025. The page indicates that a data compromise occurred on the same date, suggesting that confidential or sensitive information may have been leaked or made vulnerable. The leak is associated with the ransomware group “incransom,” which is known for targeting organizations and releasing stolen data on the dark web to pressure victims into paying ransoms. The page includes a screenshot of what appears to be internal documents or data, implying a significant data breach involving potentially compromising information.

Additional details reveal that the page features efforts to claim or verify the breach, including a link to a dark web claim URL. The disclosure does not specify the type of data leaked, but the presence of a screenshot hints at technical or business-related content being exposed. The breach’s discovery timestamp indicates that it was identified about six hours after the initial attack, demonstrating ongoing monitoring and detection mechanisms. There are no direct references to personally identifiable information or specific company data within publicly available content, suggesting that the breach may involve confidential but non-PII data. The leak underscores the threat posed by ransomware groups in Southeast Asia, and the incident has garnered attention as an example of cybercriminal tactics aimed at extorting organizations through data exposure.