Ransomware Group: INCRANSOM

VICTIM NAME: Koninklijke Ahold Delhaize N[.]V[.]

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group has announced a data breach involving Koninklijke Ahold Delhaize N.V., a major player in the agriculture and food production sector. The attack was discovered on April 16, 2025, and the group claims to have exfiltrated approximately 6 terabytes of sensitive data. The breach affects the company’s operations across multiple regions, including the United States, Europe, and Indonesia. The leak page features a screenshot of internal data, emphasizing the severity of the compromise. The group threatens to publish the stolen information soon, indicating a potential risk to the company’s internal communications, operational details, and customer data. The victim’s activity and regional impact are highlighted, and the claim URL points to a controlled blog space where further details will be shared. No personal or PII data of customers or employees is explicitly disclosed in the leak summary. The site also emphasizes that this incident involves the larger “incransom” ransomware group.

The leak page includes a link to a blog post for further updates and features a broad visual screenshot of potentially internal documents or data. The threat actors are using this platform to announce the breach publicly, warning of the upcoming data release. The victim is a well-known supermarket and food distributor that caters to millions of customers globally, and this incident underscores the significant risk posed by ransomware threats in the food supply chain industry. Overall, the leak signals a serious cybersecurity incident, with potential implications for business continuity and data security. No specific technical details or individual data points are provided, but the size of the data leak and the threat to publish all exfiltrated data underscore the gravity of the situation.