Ransomware Group: INCRANSOM

VICTIM NAME: MTTEXPERTISES[.]COM

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak site has publicly disclosed details related to MTT Expertises, a Franco-Moroccan company specializing in asset valuation and post-incident analysis within the technology sector. The breach was discovered on June 6, 2025, with subsequent activity recorded later on the same day. The leak includes a screenshot of the victim’s website, offering visual confirmation of the company’s online presence, but no sensitive or personally identifiable information has been publicly disclosed. Additionally, the site mentions that the attackers may have uploaded data or files, although explicit details about compromised data are not provided. The threat actors are affiliated with the group “incransom,” indicating their involvement in ransomware-related activities. No specific details about the scope or content of the leaked data are available publicly.

MTT Expertises is a well-established firm operating in Morocco, with offices in Casablanca, Agadir, and Tangier, and a presence in France and other African countries. The company provides a range of services including risk management, insurance estimations, and post-incident support, supported by a team of over 40 specialists. The breach has garnered attention due to the company’s prominence in the asset valuation and insurance sectors. The leak includes a link to the threat group’s blog post, but no downloadable data or explicit leak contents are publicly accessible. The incident highlights ongoing cybersecurity challenges faced by companies in the region, and the leak serves to pressure the victim into paying ransom or to demonstrate their vulnerabilities.