[BLACKSHRANTAC] – Ransomware Victim: CyPark Resources Berhad


NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the BLACKSHRANTAC Onion Dark Web Tor Blog page.

Ransomware group: BLACKSHRANTAC
Victim name: CYPARK RESOURCES BERHAD

AI Generated Summary of the Ransomware Leak Page

On 2025-10-31 01:21:20.816084, a leak post on a ransomware site identifies CyPark Resources Berhad, a Malaysia-based company operating in the energy sector with activities in renewable energy, environmental engineering, and landscaping infrastructure, as a victim. The page presents CyPark as a publicly listed company on Bursa Malaysia and frames the incident as a data-exfiltration event rather than solely an encryption event. The narrative centers on stolen data that could be released publicly or made available for download, aligning with the double-extortion pattern commonly seen in ransomware campaigns. The post makes clear that the focus is on data leakage and its potential publication, rather than confirming a completed encryption outcome.

The leak asserts a data volume of about 450GB, organized into three categories: financial information (invoices, insurance, banking data, assets, payroll, etc.); human resources information (employee lists and addresses); and broader company data covering environmental engineering, landscaping, and infrastructure activities. Personal contact details such as emails and addresses are noted as redacted in the shared materials, while the victim name remains visible. The page also references a claim URL, suggesting a mechanism to validate the attackers’ claims and indicating that additional data will be published in the near term.

The post includes a set of internal images—21 in total—that are described only in general terms as screenshots of internal documents. These images are hosted on a dark-web domain within the post’s resources; the exact image links have been defanged for safety. While no explicit ransom amount is disclosed within the captured content, the combination of data exfiltration, forthcoming data releases, and the presence of these materials is characteristic of data-leak-focused ransomware activity. Privacy protections are applied to contact details, and no non-redacted URLs or direct contact information are reproduced in this summary. The focus remains squarely on CyPark Resources Berhad and its exposure within the energy sector.
