Ransomware Group: HANDALA

VICTIM NAME: List of Spacecom employees

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the HANDALA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 28, 2025 at 09:08:29.211971, a ransomware leak page published under the victim name “List of Spacecom employees” appears to advertise the release of a personnel data set from Spacecom, a technology-focused organization. The post presents this as a data-leak event rather than an encryption incident, and it explicitly invites readers to obtain the list directly from the site by downloading a file described as the Spacecom employees list. The page’s wording suggests the attackers aim to provide direct access to internal contacts, implying reputational and privacy risks for staff rather than a technical compromise of systems. Because no explicit compromise date is provided, the timestamp is treated as the post date for reference.

The leak page includes a single downloadable file: a PDF described as the Spacecom employees list. There are no accompanying images or screenshots on the page (images_count is 0), and the page itself contains only one link to the PDF, with the context “Download Spacecom employees List.” The metadata shows no stated ransom amount or monetary demand on the page (the income_or_ransom field is empty), reinforcing the interpretation that this is a data-exposure post focused on releasing personnel information rather than a traditional encryption extortion tactic. The body excerpt also references the Handala Hack Team in passing and contains unrelated script-like content embedded in the text, but these elements do not alter the page’s primary claim: the publication of a staff contact list.)

From a threat intelligence perspective, this leak centers on the potential exposure of employee contact details rather than a systemic compromise or encryption event. The release could facilitate phishing or social engineering targeted at Spacecom personnel, and it highlights the importance of monitoring for related activity, such as public postings or downloads of internal contact data. While the file is described as a list of employees, personal data within the PDF is not reproduced here, and PII has been redacted in this summary. The victim name to anchor analysis remains “List of Spacecom employees.”