Ransomware Group: IMNCREW

VICTIM NAME: Stiga[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the IMNCREW Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware attack targeted the well-established gardening brand, Stiga, which has been operational since 1934. The attack was discovered on May 20, 2025, and involved the theft and potential leak of sensitive data. Stiga’s products are manufactured across multiple countries, including Sweden, Italy, Slovakia, and China. The threat group responsible is identified as IMNCrew. The leak webpage indicates the availability of a data archive file, which may contain valuable internal information. The site includes a claim URL linking to a file hosted on a dark web onion site, suggesting that compromised data could be accessed or downloaded by interested parties. The attack appears to be part of a wider campaign targeting companies in the consumer services sector, emphasizing the importance of cybersecurity defenses against such intrusions.

The leak page features a screenshot or preview of the stolen data, as well as a download link to a compressed archive file, which may contain confidential documents, internal communications, or proprietary information. No specific PII or sensitive personal data are disclosed in the publicly available content. The target company’s long-standing reputation and manufacturing footprint make it a notable victim within the industry. The attack disrupts business operations and amplifies the need for protective measures focusing on data security. While no explicit details about the leaked data are provided, the presence of a claim URL and the group’s public claim suggest that malicious actors aim to pressure the victim for ransom or to showcase their potential reach within corporate networks. Security teams should remain vigilant and review their defenses accordingly.