Ransomware Group: BERT

VICTIM NAME: Wawasan Dengkil Sdn Bhd

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BERT Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a Malaysian construction company identified as Wawasan Dengkil Sdn Bhd, which was established in 2003. The company operates within the construction sector, focusing on earthworks, civil engineering, equipment rental, and building material supply. According to the leak, the incident was discovered on May 22, 2025, and the company was actively targeted by cybercriminals at that time. The page includes a screenshot of an internal image, suggesting that sensitive or internal data may have been compromised and leaked online. Additionally, the attackers have provided a claim URL for further information, although specific data or content leaked has not been detailed publicly. The company’s recent listing on the stock exchange indicates ongoing expansion, but the leak exposes a potential cybersecurity breach affecting its operations.

Details from the ransomware site indicate that the attack involved unauthorized access to the company’s internal systems, possibly including confidential business information. The presence of a screenshot of internal content suggests that cybercriminals might have accessed proprietary or operational data. While no explicit mention of the leaked data contents is provided, the leak’s public availability raises concerns about the company’s cybersecurity defenses. The incident underscores the importance of safeguarding internal information, especially for organizations engaged in critical infrastructure and construction activities. The leak’s timestamp aligns with the attack date, and the claim URL provides a channel for further investigation or potential negotiations. Given the company’s active business operations and recent stock market activities, this breach could have broader implications for its reputation and operational integrity.