Ransomware Group: INCRANSOM

VICTIM NAME: iblinfo[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a technology-focused engineering firm based in Halle (Saale), Germany. The victim, operating under the domain iblinfo.de, specializes in land development planning and geodata services, primarily serving rural areas. The breach was discovered on April 16, 2025, with the data leak occurring shortly after, on the same day. The compromised data includes approximately 56 GB of internal information, potentially exposing operational details and internal documents. The page features a screenshot depicting internal content, which hints at the extent of the breach. No personally identifiable information or sensitive client data is explicitly disclosed, but the leak suggests a significant violation of internal data security.

The incident involves an unknown hacker group that publicly announced the breach, which includes the theft of confidential business data and a significant volume of internal records. The victim’s industry is engineering with a revenue of around 5 million USD and 25 employees. The breach’s timing indicates a deliberate attack aiming at disrupting business operations or gaining leverage. The published data may include internal communications, project details, and other proprietary information, though explicit content is not detailed. The leak page emphasizes the presence of download links, hinting that the stolen data may be available for public access, potentially causing reputational and operational damage to the company.