Ransomware Group: SINOBI

VICTIM NAME: Horizon Hydraulics

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page centers on Horizon Hydraulics, a United States–based manufacturing service center that specializes in hydraulic and pneumatic systems and serves multiple industries. The company is described as a full‑line provider headquartered in Oklahoma City, Oklahoma, with a long operating history dating back to 1983. The page presents Horizon Hydraulics as a victim of a ransomware incident and provides a business profile that mirrors typical leak-page content used to establish the victim’s scope and capabilities for readers.

According to the post, Horizon Hydraulics has been encrypted in the attack and a ransom demand is stated, with a figure of $12,100,000. The post date is August 9, 2025, and the body excerpt includes a date entry of 09/08/2025 alongside the ransom amount, which may reflect the incident timeline or the claim date. The page features six image attachments, described as likely screenshots of internal documents or data intended to substantiate the attackers’ claims. The image links are hosted on an onion service, and the actual URLs are not shown here; no downloads are reported on the page.

There is no independently verifiable compromise date provided beyond the post date; the post date is August 9, 2025. The entry aligns with a typical ransomware leak pattern that combines encryption with a data-leak component, supported by the six image attachments which are presumed to be screenshots of internal materials. All potentially sensitive information in this summary has been redacted where necessary, while Horizon Hydraulics’ name is preserved to maintain the focus on the victim identity. The page evidence—six images and a stated ransom—illustrates the ongoing risk to manufacturing entities from double-extortion ransomware campaigns.