Ransomware Group: INCRANSOM

VICTIM NAME: deliastamales[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to an incident involving the website of a food service company that specializes in traditional tamales. The attack was discovered on July 31, 2025, and the data breach was publicly acknowledged shortly afterward. The affected organization operates primarily in the United States, specifically in South Texas, and has been recognized for its popular tamale offerings with a nearly three-decade history. The company’s operations include six physical locations and online ordering options, serving a broad customer base. The breach appears to involve infostealer malware, with evidence of activity from multiple hacking tools. The compromised data, as depicted in the leak, includes internal information related to company employees and operations, though no PII has been explicitly detailed in the leak summary. The leak page includes a screenshot of the company’s internal documents, indicating the exposure of sensitive data. Download links or files associated with the breach are implied, but specific file details are not provided here.

The incident was linked to a cybercrime group actively engaged in data theft and extortion activities, with evidence showing the use of malware such as Azorult, Lumma, and RedLine. The hackers have publicly shared the data on dark web platforms, aiming to pressure the organization or demonstrate their access. The breach involves a relatively small number of users’ data, but the exposure of operational details and employee contacts could potentially lead to further risks. The presence of a screenshot suggests that internal materials, possibly including confidential correspondence or operational documents, are part of the leak. The victim’s industry is noted as transportation-related consumer services, with operations based in the U.S., and the incident marks a significant cybersecurity event for the organization.