Ransomware Group: KILLSEC

VICTIM NAME: WalletKu Indompet Indonesia

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the KILLSEC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

WalletKu Indompet Indonesia, an Indonesia-based technology company, is identified as the victim in a ransomware leak post attributed to the threat actor group KillSec. The post is dated September 28, 2025, and presents WalletKu Indompet Indonesia’s WalletKu 4.0 as a comprehensive digital payment and lifestyle platform offering services such as mobile top-ups, various bill payments, and travel bookings, with support for additional e-wallet top-ups. The leak frames the incident as a data-leak event and includes a ransom demand, noting that payment should be handled by the company rather than individuals, and that authorized representatives can negotiate via a dedicated session messenger or negotiations room. The post does not specify a compromise date beyond the post date.

The leak page includes ten image assets described in the annotations as icons and sample visuals; the exact contents of these images are not detailed in the excerpt. The page also flags a claim URL and contains a call to action implying a ransom payment, with instructions that only the company should perform the payment and that authorized representatives may negotiate through the stated channels (session messenger or negotiations room).

From a threat intelligence perspective, the leak aligns with the double-extortion ransomware pattern: the attackers publicly name the victim, imply data exposure, and demand payment. The identified victim is WalletKu Indompet Indonesia, a technology firm in Indonesia, with the post dated September 28, 2025. The ten image attachments suggest the potential exposure of internal documents, though the exact contents are not disclosed in this summary. The presence of a ransom negotiation channel and the data-leak framing underscore the ongoing risk to digital payments platforms and similar technology services.