Ransomware Group: AKIRA

VICTIM NAME: LandWorks

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

LandWorks, a United States–based landscape and lawn care company serving Johnson County and the greater Kansas City area since 1995, is identified as a victim on the leak page. The post is dated August 20, 2025, and the attackers claim to have access to more than 30GB of the company’s documents. The page describes the incident as a data leak and states that the actors are ready to upload the material, which purportedly includes financial data (audits, payment details, invoices) and personal information of employees and customers (Social Security numbers, phone numbers, medical information), along with other confidential documents. There is no ransom amount shown in the data available from the leak page.

According to the metadata, the page contains no screenshots or images (images_count is 0). A claim URL is indicated as present on the page, though the actual link is not provided in this summary. The content underscores the risk to LandWorks and its clients from exposure of financial and personal information, illustrating a data‑leak scenario commonly associated with ransomware operations.

In summary, the leak page presents LandWorks as a victim with a post date of August 20, 2025, asserting access to over 30GB of documents. The post emphasizes data exfiltration rather than encryption and does not disclose a ransom amount in the provided data. No visible downloads or images are indicated on the page, but the presence of a claim URL suggests an accessible path to the exposed material, albeit without content visible in this summary.