Ransomware Group: WORLDLEAKS

VICTIM NAME: Prosegur

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the WORLDLEAKS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Prosegur, a global security company described as based in Spain and operating within the Business Services sector, is identified as a victim on a ransomware leak page attributed to the threat actor group worldleaks. The page presents Prosegur’s broad service profile, including cash in transit, alarm monitoring, consulting, and security maintenance, and notes the company’s engagement across multiple industries. The post date for the page is August 23, 2025; no separate compromise date is provided in the data, so this date is treated as the post date. The leak page indicates the existence of a claim URL for additional details, though the actual link is not shown in this summary. The record shows no attached media or downloadable content.

The leak page provides minimal media evidence: there are zero images or screenshots listed in the supplied data, and no downloads or files are indicated. The data do not specify whether the attack involved encryption or a data exfiltration (i.e., “Encrypted” vs “Data leak”), nor do they include any ransom amount or demand. A defanged external link is referenced for further verification, but the exact URL is not provided here. Taken together, the page publicly proclaims Prosegur as a victim of a ransomware operation, but the specific scope of impact remains unelaborated in the available record.

Sanitization and context notes: the content has been translated to neutral English, and PII such as emails, phone numbers, and addresses are not present in the provided materials. The victim name Prosegur is preserved. The page’s description portrays a high-level corporate profile rather than a detailed incident report, and API metadata indicates a country value that appears inconsistent with the page’s Spain-based description, suggesting a potential data source discrepancy. Overall, the summary reflects surface-level leak-page details without concrete indicators of encryption, data types, or ransom figures, while acknowledging the presence of a defanged external claim URL for further reading.