Ransomware Group: BLACKSHRANTAC

VICTIM NAME: Standard Fiber

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BLACKSHRANTAC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Standard Fiber, a United States-based global textile manufacturer known for bedding products, is identified as the victim on a ransomware leak page published on October 4, 2025 (the post date). The post, attributed to the group behind the leak, frames the incident as a data leak rather than a full encryption event and claims that approximately 2 TB of data has been exfiltrated from Standard Fiber’s network. It suggests that the stolen data could be released publicly or sold unless an agreement is reached, but does not disclose a ransom amount. The leak page includes a gallery of 14 image attachments described only in general terms as screenshots or internal visuals intended to corroborate the exfiltration claim, without detailing their specific contents.

The leak post outlines the types of data claimed to be included in the 2 TB dataset, listing categories such as financial information (invoices, payrolls, statements), network information for the company and its affiliates, HR records (contracts, identifiers), full legal and executive materials, product development data, and patent-related information. The page emphasizes that the entire downloaded data is strictly protected and implies that it could be released publicly or sold if obligations are not met. A contact token or negotiation handle is provided, reinforcing an intent to monetize the data rather than issuing a traditional ransom demand. The post also references Standard Fiber’s official domain and displays image attachments that appear to depict internal documents and materials, including items that resemble identity or client-related visuals, though no specific contents are described. The post date serves as the publication date for the leak.