Ransomware Group: J

VICTIM NAME: Petro-Diamond (petrodiamond[.]com) – subsidiary of Mitsubishi Corporation

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the J Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Petro-Diamond (petrodiamond[.]com) – subsidiary of Mitsubishi Corporation is identified as the victim in a ransomware leak post dated September 29, 2025. The leak page places the company in the Energy sector with operations in Japan, and frames the incident as a data-leak event rather than a confirmed encryption of systems. The attackers are described as claiming to have exfiltrated internal data, and the page provides three links: a Leaks Download Guide and two data archives named petrodiamond_listing.zip and petrodiamond-sample[.]zip. The page contains no on-page screenshots or images (image count is reported as zero). The post date on the leak page matches the date in the embedded metadata.

The leak’s embedded metadata describes Petro-Diamond’s data exposure in terms of internal documents and datasets. It notes that some personal data may be attached, and it references two archives that appear to contain company records (petrodiamond_listing.zip and petrodiamond-sample[.]zip). The JSON-LD excerpt included with the page lists a 2025-09-29 publication date and a headline matching the victim name, and it cites a description that mentions an external provider connected to aviation data (provided by www[.]travelhackingtool[.]com). The material described spans multiple internal domains, including Audit & Compliance, Cash & Treasury Management, Human Resources & Payroll, and Operational & Technical Infrastructure, suggesting a broad scope of potentially sensitive information. Reported figures within the excerpt indicate revenue around $11.1 million and data volume of roughly 94 GB, though the exact contents and legitimacy of these claims cannot be independently verified from the excerpt alone. No explicit ransom demand or encryption status is stated in the provided text.