Ransomware Group: CRYPTO24

VICTIM NAME: Warisan TC Holdings Berhad

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CRYPTO24 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Warisan TC Holdings Berhad, a company operating within the transportation and logistics sector based in Malaysia. The incident was publicly disclosed on July 16, 2025, with the attack date recorded as July 9, 2025. The threat actors claim to have exfiltrated over 300 gigabytes of sensitive data from the victim. This data includes comprehensive customer databases related to various internal systems such as TOURPLAN, CRM, and E-INVOICE, as well as legal and human resources documents, financial records, employee information, and contractual agreements with partners and clients. The breach represents a significant security incident affecting the company’s confidential information and operational integrity.

The leak page indicates that the compromised data was discovered approximately a week after the attack, highlighting the severity of the breach. Although the page does not display specific download links, it suggests that a substantial volume of internal and sensitive information is at risk. Visual content, such as screenshots or images, are not provided, but the detailed description emphasizes the scope and gravity of the data exfiltration. The incident underscores the importance of cybersecurity vigilance, especially for organizations handling critical logistics and customer data in the region. No additional press statements or public comments are available at this time, and the attacker group involved is identified as “crypto24.”