Ransomware Group: CRYPTO24

VICTIM NAME: Palmgold Management Sdn Bhd

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CRYPTO24 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 18, 2025, Palmgold Management Sdn Bhd was listed as a ransomware leak victim on a site attributed to the threat group crypto24. The page presents the incident as a data-exfiltration event rather than a straightforward encryption attack, signaling a data-leak scenario typical of contemporary ransomware campaigns. The dataset identifies Palmgold Management Sdn Bhd, a Malaysia-based entity, but the industry is not specified in the available data. The leak page highlights two divisions within the organization—the Casino Division and the Credit Division—whose data are described as compromised. The Casino Division is said to house a full operational database of over 60,000 members, including PII, jackpot and play history, betting patterns, and machine configurations, alongside Power BI dashboards used for internal analytics and a range of confidential finance, HR, and IT documents. It also references scanner contents from multiple branches and operational logic such as promotion formulas, game-specific revenue models, and risk-related parameters. The Credit Division is described as containing customer KYC information and detailed banking and cash transaction records.

According to the post, the attackers claim to have exfiltrated over 500GB of data from Palmgold’s internal network. The leak page indicates that a claim URL is present, though no actual link is shown in this summary. The post does not disclose any ransom amount. The provided metadata shows there are no images or downloadable media on the page. The breadth of the claimed exfiltration—spanning the Casino and Credit Divisions and including PII, KYC data, and financial records—illustrates a potentially high-risk data breach with significant implications for customer privacy, regulatory compliance, and business operations. The victim’s name remains the focal point of this summary, with other non-essential identifiers not detailed here.

Overall, the leak underscores the vulnerability of organizations that manage large member bases and sensitive financial information in Malaysia. The page’s content aligns with standard ransomware-leak narratives that emphasize data exposure rather than immediate encryption status and notes the presence of a claim URL as a channel for potential public release or negotiation leverage. No screenshots or visible media are present on the leak page, consistent with the provided data, which also notes no downloads. The incident highlights the importance of robust data protection, incident response, and customer-notification practices for gaming and financial-services operators handling sensitive personal and payment data.