Ransomware Group: DIREWOLF

VICTIM NAME: Wine Works Australia

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DIREWOLF Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Wine Works Australia is identified as the victim in this leak post, attributed to the ransomware group Dire Wolf. The page describes Wine Works Australia as an Australia-based wine sales and marketing company that represents local and international wineries in export markets, emphasizing the development of sustainable partnerships to drive wine sales across regions. The post is dated August 25, 2025, 13:40:33, and there is no separate compromise date provided; thus, this date is treated as the leak post date. The post frames the incident as a data breach involving data exfiltration rather than encryption, and it does not publish a ransom amount within the excerpt.

The leak claims a data payload of 22 GB and points to a distribution link hosted on the Tor network. The page references the victim’s official site in defanged form (hxxps://www[.]wineworks[.]com[.]au) and includes a Tor onion distribution address ( No screenshots or internal images are visible on the leak page, and there are no downloadable files listed on the page itself. A claim URL is indicated as present, suggesting that additional details may be available elsewhere, though the exact URL is not displayed here for safety and defanging purposes.

Industry context and risk: the leak page places Wine Works Australia within the Agriculture and Food Production sector, highlighting its role in exporting wines. The combination of a 22 GB data payload and a Tor-based distribution link signals a data-leak scenario that could affect business partners and regulatory compliance if the data is exposed. No ransom figure is provided in the excerpt, which limits visibility into negotiation expectations.