Ransomware Group: INCRANSOM

VICTIM NAME: erichschleichgmbh[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group’s leak page publicly exposes information related to a cybersecurity incident affecting a German company operating in the retail sector, specifically in sporting and recreational equipment. The attack was discovered on July 31, 2025, and the breach was confirmed shortly thereafter. Although detailed technical data was not provided, the page includes a screenshot indicating evidence of compromised systems or internal information. The leak aims to alert the company’s stakeholders and the public about the incident, which may involve data theft or extortion efforts. The company is based in Denklingen, Bavaria, with approximately five to nine employees and annual revenue estimated between 1 to 5 million euros.

The leak site specifies that there are download links or leaked data available, although specific files or information are not directly disclosed. The page features a screenshot of what appears to be internal documents or a preview of sensitive information, emphasizing the gravity of the breach. The attacker group associated with this incident is identified as “incransom.” No additional personal or PII data was included in the report. The incident has been publicly acknowledged through a dedicated onion site, allowing interested parties to access the leak securely. The attack underscores ongoing cybersecurity challenges faced by small-to-medium enterprises in the retail industry, especially in protecting business-critical data from cybercriminal groups.

Additional details reveal that no user credentials or third-party information were compromised according to available data. The attacker’s focus appears to be on extracting and releasing internal business data, possibly for extortion or reputational damage trade-offs. The victim’s domain, erichschleichgmbh.de, and contact number are publicly listed, but sensitive details such as employee or customer PII remain undisclosed or protected. This incident highlights the importance for organizations in similar sectors to bolster their cybersecurity defenses against ransomware threats, especially given the increasing sophistication of attack groups and the prevalence of leak sites used for data extortion.