Ransomware Group: PAYOUTSKING

VICTIM NAME: C****o

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PAYOUTSKING Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page reports a cyberattack targeting a victim identified as “C****o” located in the United Kingdom. The attack was discovered on July 15, 2025, and involved the exfiltration of a substantial data volume estimated at 2.3 terabytes. The incident was publicly disclosed on the same day it was discovered. The group responsible for the attack is identified as “payoutsking,” indicating a likely link to a known ransomware operation. The page indicates that no sensitive information about employees, third-party entities, or users was publicly disclosed at the time of reporting. Additionally, no explicit details about the nature of the leaked contents or the specific compromising methods are provided.

The leak page references a domain associated with the victim, with no additional press or screenshot material available. It notes the attack date as mid-July 2025 and highlights the significant data size involved, suggesting a potentially impactful breach. Although detailed technical information is absent, the report confirms that the affected organization experienced a serious breach involving data exfiltration likely related to a ransomware or data theft operation. The incident’s public disclosure appears to be recent, and further updates or evidence of the leaked data may be available through the linked URL or ongoing investigation reports.