Ransomware Group: INCRANSOM

VICTIM NAME: dtxstudio[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to DTX Studio, a technology company based in Brea, California, specializing in dental software solutions that manage imaging data for diagnostics, treatment planning, and patient follow-ups. The attack campaign was claimed on July 21, 2025, and the data breach was publicly disclosed the following day. The incident appears to involve a significant cybersecurity event targeting the company’s digital assets, which may include sensitive operational information. The leak webpage includes a screenshot illustrating the compromised interface or internal data management system, emphasizing the severity of the breach. No personally identifiable information concerning employees or clients is explicitly disclosed on the leak page. The data leak potentially exposes confidential business details, but specific data content or files are not publicly detailed on the page.

The breach was associated with a threat actor group identified as “incransom.” The leak appears to include information related to various credential-stealing tools, as indicated by the use of multiple infostealers such as Azorult, Lumma, Raccoon, RedLine, StealC, and Vidar, with varying numbers of detected infections. The breach involved the theft of data from 61 users or systems and is characterized by targeted information theft involving malware designed to extract sensitive data. The attack leverages cybercriminal tools to gather and possibly sell or publicly release stolen information. The incident’s details suggest a focus on business data rather than customer PII, and the leak may contain internal documents, operational data, or other software-related information relevant to the company’s business activities.