Ransomware Group: CEPHALUS

VICTIM NAME: Sherman, Silverstein, Kohl, Rose & Podolsky, P[.]A[.]

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CEPHALUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 26, 2025, a ransomware leak post from the threat actor Cephalus concerns Sherman, Silverstein, Kohl, Rose & Podolsky, P.A., a United States-based national full-service law firm. The page describes the firm as operating for more than 40 years, with a team of experienced attorneys including former large-firm practitioners, and supported by paralegals and administrative staff. It notes the firm provides services across business counseling, banking, healthcare, and more than a dozen practice areas, emphasizing personalized attention and cost-efficient results. This framing presents the victim as a well-established legal-services organization amid a ransomware data-leak scenario.

The leak page claims the attackers gained access to internal materials and exfiltrated data, offering a link to a Mega[.]nz folder as a purported data release mechanism (defanged: hxxps://mega[.]nz/folder/fdslHLqS#Uvvwew2ER-rqvgk__ECJjA). There are no screenshots or images displayed on the leak page itself, and no downloadable files or media are shown in the metadata. The post date is the publication date (2025-08-26 14:57:44), and the data does not include an explicit ransom amount or encryption status in the provided fields.

Risk context: The page preserves the victim’s name while redacting personal contact details and other PII. The presence of the external Mega[.]nz link suggests the attackers intend to publicize or share exfiltrated materials, consistent with typical ransomware data-leak campaigns. The incident underscores the risk that data confidentiality obligations and privilege concerns pose to law firms and their clients, and highlights the importance of strong data protection, incident response planning, and monitoring for legal-service organizations. The leak is attributed to the Cephalus group.