Ransomware Group: HUNTERS

VICTIM NAME: Kenworth Del Sur

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the HUNTERS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page publicly details a cybersecurity incident involving the transportation and logistics company, Kenworth Del Sur, based in Mexico. The attack was discovered on April 25, 2025, and appears to have occurred shortly before that date. The threat actors involved are identified as part of the group’s operation, and the incident has resulted in data exfiltration and encryption of sensitive information. The leaked data includes confidential company files, which have been made accessible through the leak site. The attackers claim that the data is both exfiltrated and encrypted, suggesting a double extortion tactic aimed at pressuring the victim for ransom payments.

The leak page includes a screenshot of internal documents, which indicates that the compromised data contains proprietary information. Additionally, there are downloadable links or references to data leaks, although specific file details and URLs are not provided in this overview. The incident affects a company operating within Mexico, in the transportation and logistics industry, highlighting the targeted nature of the attack. No personal or PII data is explicitly mentioned in the leak summary, indicating that the breach was focused on corporate data rather than individual details. This attack underscores the ongoing threat to transportation companies from sophisticated ransomware actors.