Ransomware Group: AKIRA

VICTIM NAME: Natoli Engineering

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Natoli Engineering, a United States-based manufacturing firm with more than fifty years of experience in tablet compression tooling, is identified as the victim in a ransomware leak post dated October 6, 2025. The leak page frames the incident as a data-leak event rather than encryption and asserts that attackers have gained access to a substantial trove of internal documents. Natoli’s catalog includes tablet presses, encapsulation machines, and replacement parts designed to support pharmaceutical research and production. The post states that the attackers are prepared to upload more than 936GB of data, signaling a sizable exposure of sensitive information. It enumerates document categories such as financial records (audits, payment details, financial statements, invoices) and employees and customers’ confidential data, including sensitive identifiers and contact information, as well as NDAs and other documents. In this summary, personally identifying information is redacted to protect privacy.

The post does not disclose a ransom amount or an explicit encryption claim on the leak page. The date shown for the leak entry is October 6, 2025, which the summary uses as the post date since no separate compromise date is provided. The page contains no images or screenshots (0 images). A claim URL is indicated as present, suggesting an external page or claim, but no URLs are reproduced here. Overall, the leak page presents a data-leak scenario in which the attackers threaten to release internal materials to pressure Natoli Engineering, rather than a conventional encryption event.