Ransomware Group: AKIRA

VICTIM NAME: Advanced Blending Solutions

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 20, 2025, the leak page identifies Advanced Blending Solutions, a US-based manufacturer of blending and material convey equipment for the plastics industry, as a ransomware victim. The post claims the attackers exfiltrated a substantial volume of corporate data and plan to upload about 352 GB of files, including roughly 10 GB of SQL database content. The descriptor frames this as a data-leak event rather than a full system encryption, implying the stolen material may be released publicly or made available for download as part of a double-extortion approach. The excerpt does not disclose an explicit ransom amount, but the presence of a claim URL suggests standard ransomware monetization activity.

Data categories described include detailed employee information (dates of birth, driver’s license numbers, addresses, Social Security numbers, and phone numbers—all values redacted), HR files, detailed financial and accounting information, contracts and agreements, credit card details, scans of documents containing personal information, and other customer data. The combination of these data types indicates a data-leak scenario with significant privacy and regulatory implications for the victim and affected parties. The page notes no visible images or downloadable content (images_count: 0; downloads_present: false), while listing a total data footprint of 352 GB, including about 10 GB attributed to SQL databases.

In line with the focus on the victim name, the post date is August 20, 2025 (the post date; no separate compromise date is provided in the metadata). The content aligns with common ransomware leakage patterns that leverage publicly exposed exfiltrated data to pressure negotiations. The presence of a claim URL indicates ongoing monetization or negotiation activity, even though the excerpt does not reveal a ransom amount. The summary preserves the victim’s name and avoids reproducing direct links or sensitive data beyond the described data categories.