Ransomware Group: IMNCREW

VICTIM NAME: Repremundo[.]com[.]co

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the IMNCREW Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware incident affecting the organization known as RepreMundo, a management consulting firm based in Bogotá, Colombia, was publicly disclosed on June 14, 2025. The leak page indicates that the attack was discovered shortly after the compromise, revealing that the attackers gained unauthorized access to sensitive company data. This organization has between 500 and 999 employees and generates annual revenue estimated between 10 and 25 million USD. The threat group identified as IMNCrew claimed responsibility for this attack, emphasizing their capability to breach corporate defenses and exfiltrate data.

The leak page suggests that data from RepreMundo has been compromised and may include confidential or proprietary information. The attackers have provided a claim URL linking to a ZIP file hosted on the dark web, which potentially contains stolen data. Although explicit details of the content are not provided, the presence of this link indicates a data exfiltration incident. The incident’s discovery timestamp matches the attack date, underscoring the rapid detection of the breach. No specific PII or sensitive operational details are publicly displayed at this stage, but the leak signals a significant security compromise for the victim organization.

The online leak does not currently feature screenshots or additional files, but the incident has attracted attention within cybersecurity circles. The organization’s domain, RepreMundo.com.co, remains active, suggesting operational continuity despite the breach. The attack is a reminder of the persistent threat posed by organized cybercriminal groups targeting mid-sized companies in Latin America. Organizations are advised to review their security measures and monitor for further ransomware activity or data leaks related to this incident.