Ransomware Group: DRAGONFORCE

VICTIM NAME: Cofiex Asesoría de Empresas, S[.]L

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 8, 2025, a ransomware leak page attributed to the group dragonforce references Cofiex Asesoría de Empresas, S.L., a Spain-based firm offering business consulting and tax advisory services. The victim is described as based in Navalmoral de la Mata, Cáceres, Extremadura, Spain, and operating in the accounting, fiscal and labor management sector. The company is identified as a Sociedad Limitada (S.L.). The leak page notes that the domain cofiex[.]es exists but presently hosts only a blank WordPress page, with the classic “Hello World!” post visible as of mid-2025, indicating little to no public-facing content and suggesting offline or limited online operations. A claim URL is indicated on the page, but there are no downloadable files or images present in the metadata.

The page’s description enumerates Cofiex’s core services as accounting (bookkeeping, annual reports, and compliance with Spanish GAAP), tax advisory (corporate and personal tax returns, VAT filings, tax optimization), payroll and labor management (payroll, social security filings, and employee contracts), and broader business consultancy (company formation and administrative and legal support). The stated client base includes small and medium-sized businesses, freelancers (autónomos), and local corporations. The typical contact is shown in the leak text but is redacted here for privacy, and the firm’s legal form is noted as Sociedad Limitada (S.L.). The current status of the public site is that cofiex[.]es does not present active content, implying offline operations or direct outreach rather than a fully functional website. The leak page also indicates a claim URL, with no additional files or images exposed.

In terms of post metadata, October 8, 2025 is the publish date provided for the leak entry; there is no explicit compromise date stated. There is no ransom amount listed in the available data, and no downloadable materials or screenshots are attached to the post. The association with the dragonforce group and the presence of a claim URL align with ransomware leak patterns, though the public content here provides limited detail on the breach’s operational impact beyond the existence of the post and the contact channel. Overall, Cofiex Asesoría de Empresas, S.L. appears to be a Spanish accounting and advisory firm affected by a ransomware leak, with minimal public evidence of encryption or data exposure in the supplied description.