Ransomware Group: DRAGONFORCE

VICTIM NAME: Fullcolour[.]com Limited

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 22, 2025, a ransomware leak page publicly identified Fullcolour[.]com Limited as a victim. The company, based in Hong Kong, describes itself as a family printing business that has provided printed products since 1993, including brochures, leaflets, folders, business stationery, banners, pads, and more. The leak page presents Fullcolour[.]com Limited as compromised and includes a claim URL for potential negotiation or data claims. The available data does not reveal a ransom amount, and there are no visible screenshots or downloadable data on the page.

According to the available metadata, there are no screenshots or embedded images on the page, and no downloadable files or links are present. A claim URL is noted as being present on the leak page. The data does not specify whether the attackers encrypted the victim’s systems or simply leaked data, so the exact impact is not confirmed from the supplied information. The page names the victim but does not disclose additional detail about the content of the potentially stolen data.

CTI observations and implications: This listing follows a common ransomware leak-page pattern, publicly associating a Hong Kong-based printing business with a data breach. For defenders, it reinforces the importance of routine backups, network segmentation, and strong access controls, particularly for small manufacturing and printing operations. Monitoring for further updates to this page and any new claims or disclosures is recommended, as is readiness to respond to potential ransom-related communications. The victim name should be tracked for contextual risk assessment, with updates incorporated into ongoing threat intelligence coverage.