[INCRANSOM] – Ransomware Victim: awo-ka-land[.]de

Ransomware Group: INCRANSOM

VICTIM NAME: awo-ka-land[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

On September 24, 2025 at 20:28, a leak page published by the threat actor group incransom claims that awo-ka-land[.]de, a German organization operating in the Karlsruhe district, was compromised in a ransomware incident. The organization provides a broad spectrum of social services for people of all ages, including childcare, youth assistance, and senior care, with offerings that span health and nursing services, social programs, and catering. The post describes awo-ka-land[.]de as a victim and presents a profile of the organization, noting approximately 25 employees and roughly $5 million in annual revenue, along with more than 2,000 members across 18 local associations. The page also indicates the presence of a claim URL and includes nine attached images hosted on an onion service, presented as evidence of the breach.

The leak page cites a substantial data volume, 66,354,173,737 bytes (about 61.8 GB), as exfiltrated. Nine image attachments accompany the post, likely depicting internal documents or screenshots, though the exact contents are not described in the text. There is no explicit ransom demand or encryption status stated in the available metadata, and the post does not clearly categorize the incident as encrypted data or a data leak. The presence of a claim URL suggests the attackers intend to disclose additional information behind that link, and the materials are hosted on an onion-based platform, reflecting a channel chosen for restricted-access dissemination.

In summary, the leak page centers on awo-ka-land[.]de as a German social services provider, framed as a ransomware victim by incransom. The page emphasizes the organization’s scope and mission, and it displays nine image attachments as purported evidence of the intrusion. Because the dataset does not provide a separate compromise date, the published post date of 2025-09-24 20:28:00 is treated here as the post date for this entry. The entry underscores the ongoing risk ransomware poses to mid-sized public-service organizations, illustrating how internal materials may be exposed via leak sites and how attackers leverage onion-hosted content to disseminate information.

