Ransomware Group: INCRANSOM

VICTIM NAME: phi[.]ca

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

phi[.]ca is the victim named in the leak page, with the activity attributed to the incransom group. The victim operates in the Technology sector and is listed as based in Canada. The leak page describes PHI Studio as focusing on the presentation and curation of immersive works in virtual reality (VR), augmented reality (AR), and extended reality (XR). The post date on the page is September 29, 2025; because no explicit compromise date is provided in the data, this date is treated here as the post date. The metadata indicates a claim URL is present on the leak page, signaling the attackers provide a ransom or related claim resource, though no specific URL is included in this summary. The dataset does not specify whether the attack encrypted systems or resulted in a data leak, nor does it include any ransom figure in the provided information.

The leak page contains no screenshots or images, as indicated by the data. The textual content centers on PHI Studio’s business focus rather than detailing the breach’s technical impact. The absence of explicit encryption or data-exfiltration claims and any stated ransom amount means the exact nature of the incident cannot be confirmed from the given data. The page is associated with the incransom group, and the victim phi[.]ca is located in Canada within the Technology sector.

In summary, phi[.]ca is presented as a Canadian technology company whose PHI Studio unit emphasizes VR/AR/XR-focused immersive experiences. The leak page’s post date is 2025-09-29, and a claim URL is indicated as present on the page, though no URL is shown here. The record provides no explicit breach type (encryption vs. data leakage) or ransom amount, and there are no visible images or downloadable content on the page according to the supplied data.