Ransomware Group: BLACKLOCK

VICTIM NAME: TOHO CO[.], LTD[.]

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BLACKLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to TOHO CO., LTD., a well-established Japanese company founded in August 1932 with a significant financial profile, including assets totaling over 10 billion yen. The company has a workforce of approximately 401 employees, with an additional 3,617 individuals forming its affiliated group. The attack was publicly disclosed on May 16, 2025, and the breach was discovered shortly thereafter. The incident involves the release of sensitive corporate data, which is available for download via a provided claim link on the dark web. The leak includes confidential internal information, possibly comprising internal documents and business data, as indicated by the accompanying screenshot of internal content.

The leak page includes a screenshot showing internal documents, indicating that the attackers may have accessed proprietary information. The breached data is hosted on a dark web platform, suggesting deliberate steps taken by the threat actors to publish leaked files. Although the specific nature of the compromised data has not been detailed publicly, the leak is associated with the group known as ‘blacklock,’ which is known for ransomware activities targeting various organizations. The attack occurred in Japan, but no further activity description or details about the attack vector have been disclosed. This incident highlights the importance of cybersecurity measures in protecting corporate assets against advanced ransomware threats.