Ransomware Group: INCRANSOM

VICTIM NAME: neues-leben[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The compromised entity is an organization based in Germany, operating within the education industry. The leak indicates that the attack was discovered on July 22, 2025, with an attack date listed as July 21, 2025. Despite the activity being classified as “Not Found,” the data suggests that the organization experienced a ransomware incident that resulted in the exposure of a significant amount of information. The organization employs approximately 25 staff members and generates an estimated revenue of 5 million dollars annually. The attacker group responsible for this incident appears to be identified as “incransom.”

The leak page contains a publicly available screenshot showing the organization’s website interface, which promotes online theological courses, religious content, and mission-related activities. No specific sensitive data or PII about individuals has been released, but the page emphasizes their mission work and outreach programs. Notably, there is no evidence of the release of confidential client or employee information. The site includes download links or data leaks, though explicit details are not provided. Additional details include the victim’s contact number and a link to their website, enquanto, the content appears to focus more on public outreach than on any direct compromise of sensitive data.

The incident underscores the importance of cybersecurity awareness within the education sector, especially given the potential risks associated with ransomware attacks. The organization’s website serves as a portal for outreach and community support, noting that digital media is a crucial tool in their mission efforts. A detailed screenshot of the website indicates no apparent malicious payloads or explicit data theft, but the breach suggests vulnerability. The attack highlights the need for robust cybersecurity measures to protect organizational resources, even in non-commercial or non-corporate environments. No further details about the stolen or leaked data are publicly available at this time.