Ransomware Group: CRYPTO24

VICTIM NAME: Larimart S[.]P[.]A

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CRYPTO24 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Larimart S.P.A., an Italian entity, which reportedly had its data compromised in an attack dating back to July 15, 2025. The breach resulted in the illegal exfiltration of approximately 2 terabytes of highly confidential and sensitive information. The leaked data includes security-related documents such as armor specifications linked to NATO, ballistic protection designs, and critical certification documents, alongside export control records. Additionally, strategic planning materials, internal pricing, government Ministry of Defense data, invoices, and tactical customer lists were compromised. The leak also involves archives of confidential contracts related to weapon systems development and other sensitive operational information. The data was publicly disclosed on July 16, 2025.

The leak appears to contain highly classified military and defense industry data, which could pose significant national security concerns. The exposed information includes test data from strategic locations, internal performance results, and documents related to weapons and defense systems. The threat actor behind the breach is associated with the group identified as “crypto24.” The leak does not specify the attack vectors or the precise methods used, but the scope and nature of the documents suggest an organized and targeted compromise. The incident underscores the ongoing risks faced by organizations handling sensitive defense and government-related data, emphasizing the importance of robust cybersecurity measures. No user or third-party data appears to have been involved or compromised during this breach, and no publicly available screenshot or additional press coverage is indicated.