Ransomware Group: INCRANSOM

VICTIM NAME: www[.]marvimundo[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The discovered ransomware incident involves the website of a consumer services company based in Spain. The attack was publicly disclosed on July 15, 2025, with the company’s data breach date likely occurring in early May 2025. The leak includes a screenshot of the victim’s website, which provides visual confirmation of the compromised platform. The breach was part of an operation by a group identified as “incransom.” Additional technical details about the nature of the data exfiltration or potential data types affected are not specified. The leak’s purpose appears to be publicizing the breach and possibly extorting the victim. No personally identifiable information or sensitive internal details are openly disclosed in the leaked content.

The leak page contains a link to a detailed blog post hosted on the dark web, which likely includes more information about the breach. The breached website, www.marvimundo.com, operates within the consumer services sector and is located in Spain. The presence of a screenshot highlights the extent of the compromise, though no explicit data or proprietary information is revealed in the publicly accessible leak summary. The incident underscores the risks faced by companies in the consumer sector, emphasizing the importance of cybersecurity measures to prevent or mitigate such breaches. Further technical or victim-specific information is not provided publicly beyond the leak’s announcement and screenshot evidence.