Ransomware Group: INCRANSOM

VICTIM NAME: MJets

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 15, 2025, a leak page associated with the incransom group claims to have compromised MJets, a Thailand-based transportation and logistics company. The post frames the incident as a data-leak event rather than a traditional encryption breach and asserts that a stolen database contains the personal data of more than 1,500 individuals, along with financial information and other internal files belonging to MJets. The post date is 2025-08-15 02:25:00.000000, and no explicit compromise date is provided beyond the publish date. A claim URL is indicated on the page, suggesting the attackers intend to publicly disclose or monetize the leaked material. The page situates the victim within the Transportation/Logistics sector in Thailand.

The leak page includes seven image attachments described as screenshots of internal documents. These visuals are presented to support the data-leak claim, though their specific contents are not detailed in the excerpt. The page does not disclose a ransom amount, and there is no explicit mention of encryption in the available material. Taken together, the page underscores the ongoing risk ransomware poses to regional transportation and logistics operators, highlighting the potential exposure of personal and financial data associated with MJets. PII and internal records are indicated as the focus of the alleged breach, though specifics are redacted in this summary.