Ransomware Group: IMNCREW

VICTIM NAME: Onegolditalia[.]it

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the IMNCREW Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak webpage pertains to the company operating under the domain onegolditalia.it, which is based in Italy. The company has been engaged in precious and non-precious metals processing since 2000, focusing on creating jewelry accessories and ensuring quality at every stage of production. The attack was discovered and disclosed on August 2, 2025, with the compromise date also recorded as August 2, 2025. The breach involves the release of data linked to the victim, and a download link for the compromised data is provided, allowing interested parties to access the leaked information. The page includes visual content, such as screenshots, which may depict internal documents or processes related to the company’s operations. While specific details of the leaked data have not been disclosed publicly, the leak indicates a significant security incident involving the company’s confidential information.

The ransomware group responsible for the attack is identified as IMNCrew, and no additional groups or duplicates of the leak have been reported. The incident underscores the cybersecurity risks faced by companies in the manufacturing sector, especially those involved in luxury goods and precious metals. The leak could potentially include sensitive business data; therefore, the company and stakeholders should prioritize cybersecurity measures and investigate the breach thoroughly. No information regarding the attack vector, specific data compromised, or further malicious activities has been detailed publicly at this time. Caution is advised for stakeholders and cybersecurity professionals monitoring the case for ongoing developments.