Ransomware Group: SINOBI

VICTIM NAME: Comprehensive Pain Centers

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 13, 2025, a ransomware leak post associated with the Sinobi group identifies Comprehensive Pain Centers, a healthcare provider, as the victim. The post presents the incident as an encryption event and lists a ransom demand of five million USD. The published date aligns with August 13, 2025, and no separate compromise date is provided beyond the post date. The page includes five image attachments that appear to be screenshots of internal documents; the image links reside on onion services and have been defanged in this report. The leak page also indicates the presence of a claim URL, which is typical of ransomware posts that offer a pathway for verification or negotiation. The narrative centers on the victim name, with the healthcare sector as the referenced industry.

The excerpt describes Comprehensive Pain Centers as operating a wellness-based medical care model delivered locally at community sites such as workplaces, educational institutions, senior facilities, and malls. It promotes subscription-based plans that can replace or supplement existing medical services, emphasizing no need to travel to a clinic and “no fuss, no hassle, just you and your doctor.” The post includes a line indicating encryption and a ransom figure of 5,000,000 USD, dated 13/08/2025 with a time-like stamp (1341). The page displays multiple view counts within the excerpt—a common trait of leak posts—but provides no further detail about the specific data types affected. No country is specified, and there is no separate compromise date beyond the post date. The presence of a claim URL suggests a negotiation or verification mechanism. Overall, the content maintains a focus on the victim, Comprehensive Pain Centers, within the healthcare domain, without introducing additional company names.