Ransomware Group: DRAGONFORCE

VICTIM NAME: Dottori Commercialisti Associati

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 23, 2025, a ransomware leak page associated with Dottori Commercialisti Associati (DCA), a Milan-based professional association with over 20 years of experience in tax and corporate consulting, appeared in the leak ecosystem. DCA is described as offering services including tax and fiscal advice, corporate consulting, and business and accounting guidance. The page states that the compromised data includes financial documentation and client data, indicating a data-leak scenario rather than a purely encrypted incident. A ransom-related claim URL is present on the page, signaling that attackers intend to publicize or monetize the stolen data. The post date serves as the reference point for when the page was published, and no explicit compromise date is provided in the available data.

The leak page shows no screenshots or other visual assets (no images) and indicates no downloadable files. The incident is associated with Italy (country IT) with the organization located in Milan. The metadata does not specify a demanded ransom amount; instead, the existence of a claim URL suggests the attackers seek to press for data access or public release as leverage. Overall, the post presents a data-leak narrative affecting a professional services firm handling financial documentation and client data, underscoring the risk such organizations face from ransomware actors.