Ransomware Group: INTERLOCK

VICTIM NAME: Wier Boerner Allin

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INTERLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 22, 2025, at 19:12:27.125623, a leak page associated with the Interlock ransomware operation appeared for the U.S.-based entity Wier Boerner Allin. The industry is not listed in the leak metadata. The post identifies the named victim and records a published date, and it indicates that a claim URL is present on the page. No explicit ransom amount or stated encryption status is provided in the available data.

The leak page shows no images or screenshots—the images count is zero. The body excerpt includes a line such as “Item Type Item Name Search file in folder and subfolders…” and the page description references a web-based file manager described as Tiny File Manager in PHP. Taken together, these elements suggest the page is presenting or showcasing a file-management interface rather than sharing concrete data samples on the post itself. There are no downloads listed in the provided data.

Post date context and risk: The page is published on August 22, 2025, and a claim URL is indicated, which aligns with common ransomware leak patterns that offer a ransom or data-disclosure channel. However, the accessible data do not include a ransom amount or a clear determination of whether the incident involved encryption or data exfiltration. The exact impact remains unclear from this record alone. Defenders should treat this as a notice of a ransomware incident involving a U.S.-based firm and monitor for any follow-up disclosures or corroborating reports while preserving evidence and coordinating with relevant stakeholders.