Ransomware Group: AKIRA

VICTIM NAME: Bobcat Central

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Bobcat Central, a Stockton, California-based equipment dealer operating since 1976, is identified on the leak page as the victim of a ransomware incident. The post is attributed to the Akira threat group and is framed as a data exfiltration operation rather than a traditional encryption event. The attackers declare they are prepared to upload more than 12GB of internal documents, including financial data (audits, payment details, financial reports, invoices) and sensitive information belonging to employees and customers (driver’s license details and Social Security Numbers, with medical information), as well as confidential NDAs and other documents containing personal information. The post notes the presence of a claim URL, signaling an intent to monetize the breach, though no specific ransom amount is disclosed in the visible excerpt. The leak page shows no visible screenshots or images in the provided material, and there is no explicit contact information within the excerpt.

The metadata lists a post date of August 19, 2025, which serves as the publication date for this leak entry. There is no separately stated compromise date in the available excerpt, so the post date is used for timing. The page emphasizes a data-leak scenario rather than encryption and clearly identifies Bobcat Central as the victim. The page provides a link to a claim or ransom page, but the ransom amount is not disclosed in the current excerpt. No images or screenshots are present on the leak page (0 images), and the described data types imply the potential exposure of sensitive internal financial records and personal information through data dumps and NDAs.