Ransomware Group: INCRANSOM

VICTIM NAME: TBC

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns a governmental project management company based in Saudi Arabia, identified as “TBC.” The attack date is noted as July 8, 2025, with the discovery of the breach recorded shortly afterward on July 9, 2025. The organization specializes in construction, facility management, investment, and asset management, supporting Saudi Arabia’s Vision 2030 initiative. The leak information was published in a ransomware group’s platform, highlighting that sensitive operational details might have been compromised. The page includes a screenshot indicating that data from the organization has been leaked or accessed unlawfully, although specific content details are not provided.

The leak appears to be part of a campaign targeting high-profile, government-related entities. No specific sensitive data such as PII or company secrets are disclosed, but the presence of a graphical screenshot suggests that internal or proprietary information may have been exposed. The attack’s public disclosure emphasizes the ongoing cyber threat landscape targeting governmental infrastructure projects, especially those aligned with national development goals. The website hosting this leak provides a link to an external blog where further details or disclosures might be available, but no sensitive or personal information from the victims is shared in this summary.