Ransomware Group: CLOP

VICTIM NAME: PHARMARON[.]COM

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CLOP Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a healthcare-related organization operating under the domain “PHARMARON.COM,” based in China. The attack was discovered on July 7, 2025, and is attributed to the “clop” ransomware group. The leak was identified shortly after the attack date, indicating prompt detection and publication of compromised data. The page features a screenshot that showcases internal documents, suggesting a breach of sensitive operational information. The leaked data is accessible via a dark web link, emphasizing the targeted nature of the attack against a global pharmaceutical and drug research enterprise. Although no explicit details of the data leaked have been publicly released, the leak appears to be part of a broader campaign targeting critical healthcare infrastructure worldwide.

The victim’s activities involve drug research, clinical trial services, and pharmaceutical R&D, indicating a vital role in the medical and healthcare industries. The leak may include internal data, operational details, or proprietary research, which could impact the organization’s reputation and operational security. The presence of the screenshot suggests the leak contains visual evidence of internal documents, but specific contents are not publicly disclosed to avoid exposing PII or sensitive intellectual property. This attack underscores the risks faced by organizations in the medical sector, especially those with international operations, and highlights the importance of cybersecurity resilience and proactive threat detection in protecting critical research and development assets.