Ransomware Group: INCRANSOM

VICTIM NAME: Cobra Rolamentos e Autopeças

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 5, 2025, the leak page associated with the group incransom identifies Cobra Rolamentos e Autopeças as a victim of a ransomware incident. Cobra Rolamentos e Autopeças is a Brazilian distributor of auto parts, motorcycle parts, and bearings, with a strong footprint in the automotive aftermarket. The page notes that the company distributes well-known brands in the sector and operates its own label, Cobra Automotiva, with a distribution network of more than 30 units across Brazil. The post places the event within the manufacturing sector and presents Cobra Rolamentos e Autopeças as a sizable regional distributor.

The leak page includes 22 image assets (likely screenshots) as attachments; the exact contents of these images are not described in the available data. The presence of these images suggests the attackers provided supporting material. The metadata also indicates a claim URL may be present on the page (claim_url_present: true), which could point to additional notes or instructions. The provided data does not explicitly state whether the attack involved encryption or a data leak, nor does it include a disclosed ransom amount.

Post date: October 5, 2025. The key_date field in the dataset corresponds to the leak’s publication date rather than a separate compromise date, which is not provided in the available information. The entry focuses on identifying the victim and outlining basic business context rather than detailing specific leaked content in this excerpt.