Ransomware Group: GUNRA

VICTIM NAME: SEGUROS AMÉRICA

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the GUNRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 18, 2025, SEGUROS AMÉRICA, a financial services company based in Nicaragua, was identified as a victim on a ransomware leak page attributed to the threat actor group gunra. The post frames the incident as a data-leak event rather than a traditional encryption outage and includes a claim URL for verification. The posted timestamp is treated as the official post date, with no separate compromise date provided in the data. No ransom amount is disclosed on the page. The leak page shows no images or screenshots and lists 18 downloadable documents, indicating a data exfiltration-focused disclosure rather than a systems-encryption notification.

The 18 attachments appear to be spreadsheet files, with naming patterns suggesting client records, account details, risk information, policies, and other financial operations data related to SEGUROS AMÉRICA. The presence of these documents implies potential exposure of customer information and internal records, which could raise regulatory, privacy, and reputational concerns for the victim and its clients. There are no visual materials on the page to corroborate the data, and there is no stated ransom figure on the post. The claim URL included on the page provides a pathway for verification, which is a common tactic used by ransomware operators to lend legitimacy to their claims.

From a threat intelligence perspective, this leak aligns with data-leak extortion patterns in which sensitive documents are exfiltrated and selectively disclosed. The post date serves as the published timestamp for the disclosure, given the absence of a separate compromise date. The focus on the financial services sector in a Central American country adds to the sector-specific risk profile and highlights the ongoing threat to customer data and corporate records within this industry. While this summary does not reveal personal identifiers, the underlying data could contain sensitive information that requires careful handling to prevent inadvertent exposure of private details.