Ransomware Group: CLOP

VICTIM NAME: PILOTTHOMAS[.]COM

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CLOP Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

This ransomware leak pertains to Pilot Thomas Logistics, a US-based company specializing in the supply of fuel, lubricants, and chemicals for various industrial sectors, including marine, drilling, exploration, and production. The company provides diverse services such as transportation, equipment management, and workforce support, emphasizing its commitment to health, safety, environment, and quality standards. The leak was discovered on July 7, 2025, and the threat actor group responsible is identified as “clop,” a notorious ransomware syndicate known for targeting corporate entities. The leak includes a screenshot of internal documents, suggesting the compromise of sensitive operational information, along with a claim URL where further details or data might be accessible.

The compromised data may include confidential company information, but specific details about the nature of the leaked data remain unspecified. The leak site is hosted on an onion domain, indicating it is accessible via the Tor network, which is common for such cybercriminal activities. While no direct evidence of data exfiltration has been detailed, the presence of a screenshot and a claim URL indicates that the threat actors have obtained information they intend to leak unless a ransom is paid. The attack date is recorded as July 7, 2025, and the company operates within the United States; however, activity and other specific details about the scope of the breach are not provided. The incident underscores the rising threat of ransomware targeting critical infrastructure and supply chain companies.