Ransomware Group: AKIRA

VICTIM NAME: Donlar Construction

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Donlar Construction, a full-service construction company operating primarily in Minnesota and the Upper Midwest. The breach was discovered on July 24, 2025, and it involves the exfiltration of a significant volume of sensitive corporate data, totaling nearly 50 gigabytes. The compromised information includes detailed employee records such as personal identification details, contact information, medical data, financial records, project files, incident reports, and legal documents like NDAs. The exposure of such information poses serious privacy and security risks for affected individuals and the company’s operations. The leak page includes screenshots of internal documents, indicating a comprehensive breach of confidential data.

The leak was publicly announced on the ransomware group’s channel, with the threat of releasing further data if the ransom demands are not met. No specific victim domain or additional identifiers are provided, and the group responsible appears to be affiliated with the ‘akira’ ransomware subgroup. The incident underscores the importance of robust cybersecurity measures within the construction industry, especially given the sensitive nature of the information involved. It is recommended that affected parties conduct thorough security reviews and notify relevant authorities about the breach to mitigate potential fallout.