Ransomware Group: BEAST

VICTIM NAME: Perennial

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BEAST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 2, 2025, BEAST published a ransomware leak post concerning Perennial. The page frames Perennial as a victim of a data-leak incident and presents a corporate overview that mirrors the victim’s public description. It notes that the company was established in 1980 and specializes in custom cable assembly solutions, including wire harnesses for automotive, industrial, and commercial sectors, with capabilities described as managed one-stop solutions and international warehousing. The post references ISO 9001 and IATF6949 certifications, signaling a focus on quality management. The leak carries the BEAST LEAKS label and includes a claim URL, indicating the attackers’ assertion of data access and exfiltration; no ransom amount is disclosed in the excerpt. The date on the page is the post date since no compromise date is provided in the scraped data.

The leak page features a gallery of 21 images, described in the annotations as screenshots, hosted on a Tor onion service. The imagery suggests internal materials but the excerpt does not detail their contents. The visible text does not reveal any PII or contact information; the material focuses on presenting the victim’s corporate profile while signaling a data-leak claim by the attackers. The absence of downloadable files or direct links in the excerpt is noted, and the page appears to be a standard data-leak publication rather than a narrative of encryption activity.