Ransomware Group: GLOBAL

VICTIM NAME: awmedicalvillage[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the GLOBAL Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 20, 2025, awmedicalvillage[.]org published a leak page on a ransomware information site. The organization is described as operating in the healthcare sector. The page asserts that a large volume of private patient information has been exposed, including diagnoses, residential addresses, phone numbers, insurance policy numbers, and other sensitive data. There is no explicit compromise date listed; the post date is August 20, 2025, and this date should be treated as the publication date. The page provides a defanged claim URL, suggesting the attackers have framed the incident publicly and may be seeking ransom or threatening data release, though no ransom amount is disclosed in the available data.

The leak entry contains no images or downloadable files; images_count is 0 and downloads_present is false. In effect, the publicly visible material appears to be textual, focusing on the types of data alleged to have been exfiltrated from awmedicalvillage[.]org and the existence of a data-leak claim rather than any accompanying media.

Impact assessment: The incident is described as a data leak involving sensitive patient information. The types of data cited—diagnoses, addresses, phone numbers, and insurance policy numbers—highlight significant privacy and regulatory implications for awmedicalvillage[.]org and the healthcare sector. Because no compromise date is provided in the available data, the duration of exposure remains unclear. The presence of a claim URL indicates a threat actor approach common in ransomware campaigns, where attackers seek ransom or public release of data. This event underscores the persistent risk to healthcare providers from data exfiltration and the privacy exposure it creates for patients.