Ransomware Group: CLOAK

VICTIM NAME: Pe*************[.]lk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CLOAK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a victim identified by a masked domain associated with the Sri Lankan region. The attack’s compromise date is recorded as April 18, 2025, indicating the timeframe when the data breach was identified. The page does not specify details regarding the nature of the compromised data or the attack vector, and there is no available description or additional information about the victim’s industry or operations. The page appears to be part of a monitoring platform dedicated to ransomware-related leaks, and it includes a screenshot or visual evidence, although the specific content of the screenshot is not provided. No download links or data files are explicitly mentioned or available publicly on the page. The incident’s details are limited, focusing primarily on the victim’s domain without revealing sensitive or PII-related information. The page’s purpose seems to be to document and index this particular data leak for awareness and record-keeping within cybersecurity communities. Further technical or forensic insights are not available based on the provided data.

As per the available information, no specific details about the leaked content, such as types of documents or sensitive data, are disclosed. The incident’s timeline suggests that the breach was identified and publicly recorded on the same day it was discovered. The organization’s activity remains unspecified, and no country information has been provided, limiting contextual understanding. The leak appears to be part of a broader effort to catalog ransomware incidents, but without explicit technical details or the nature of the compromise, the focus remains on the incident’s existence and date. Further investigation or publicly available data would be required for a comprehensive threat assessment or remediation guidance. The lack of detailed content emphasizes the importance of proactive cybersecurity measures for potential targets and organizations operating in similar contexts.