Ransomware Group: AKIRA

VICTIM NAME: McKenzie Commercia

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to McKenzie Commercial, a company specializing in high-quality commercial construction services. The breach involves the unauthorized disclosure of a substantial amount of corporate data amounting to 42 GB. The compromised data includes employee personal information such as birth dates, passports, addresses, phone numbers, emails, financial records, client details, project information, contracts, confidential documents, and nondisclosure agreements. The attackers have made the data accessible via a magnet link compatible with torrent clients, simplifying the download process. The leak was discovered on July 14, 2025. The shared information suggests a serious security breach with potential implications for employee privacy and company confidentiality. The website includes screenshots, but no explicit details about the breach’s impact are disclosed.

The leak demonstrates a targeted attack where sensitive and confidential corporate documents have been exposed publicly. The presence of comprehensive data such as contracts, NDAs, and financial records raises significant concerns regarding the company’s internal security practices. The publicly available torrent link provides an easy method for unauthorized parties to access and distribute the stolen data. The attack appears to have occurred on July 14, 2025, indicating recent exploitation. No further victim-specific country or industry details are provided. The breach highlights the importance of robust cybersecurity measures to protect corporate and employee data from malicious actors.