Ransomware Group: BLACKSHRANTAC

VICTIM NAME: General Directorate of Taxes and Estates

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BLACKSHRANTAC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 29, 2025, at 12:13:05.111498, the General Directorate of Taxes and Estates, a public-sector tax authority, is listed as a victim on a ransomware leak page attributed to the threat actor group blackshrantac. The post characterizes the incident as a data-exfiltration event rather than an encryption of the agency’s systems, and there is no ransom amount disclosed in the provided materials. The leak page references a claim URL and includes nine image attachments that appear to be screenshots of internal documents intended to substantiate the attackers’ claims. The victim is framed as a government body within the public administration sector, with the page emphasizing that sensitive data has been accessed and exfiltrated.

According to the leak page, the attackers claim to have exfiltrated multiple data categories, including finance and tax information (finance data, tax reports, and income data); network information (including a KeePass export and an internal knowledge base); HR information about employees (employers, passports, SSNs); and full legal and executive information. The post implies that the data may be released publicly or monetized and describes options to negotiate data deletion for payment or to arrange data purchase. The nine accompanying screenshots are presented as evidence of the data exfiltration, though no explicit ransom figure is shown in the materials.

Post-date context and sanitization: the provided key date corresponds to the leak page’s posting date (September 29, 2025). No compromise date is available in the input data; thus the post date is used for timeline purposes. The page includes nine image attachments described as internal documents. Non-English content appears to have been translated into neutral English for publication, PII such as emails, phone numbers, and addresses has been redacted, and the victim name General Directorate of Taxes and Estates is preserved for context. The summary focuses on the victim identity while omitting other organization names that may be mentioned in the text.