Ransomware Group: INCRANSOM

VICTIM NAME: Quadrangle Imaging Center

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Quadrangle Imaging Center, a healthcare provider based in Puerto Rico, is identified in a ransomware leak page as a victim. The post, dated August 22, 2025, frames the incident as a data leak rather than an encryption-only event and claims that sensitive data has been exfiltrated. The leak page lists data categories that appear to include patients’ personal data and related medical information, information used for organizing appointments and gathering feedback, and accounting/finance records. Contact details for the imaging departments are visible on the page, but in this sanitized summary those PII elements have been redacted. The page also presents nine screenshots of internal documents to illustrate the breach and references a claim URL; several image links are indicated in the page’s annotations, defanged for safety.

The post date is August 22, 2025, which is treated here as the publication date in the absence of a separately provided compromise date. The content suggests a data-leak approach consistent with double-extortion campaigns, rather than a purely encryption-based event. Nine screenshots of internal documents are provided to support the attackers’ claims, with the images hosted on onion services (links are defanged in this summary). The metadata includes a field labeled revenue with a value of 5M$, which may reflect an asserted ransom amount associated with the incident. The page indicates a claim URL is present, pointing to additional details beyond the visible post.

Overall, the leak page emphasizes potential exposure of patient information and related administrative data for Quadrangle Imaging Center. PII elements—such as emails and phone numbers—are present on the source page but have been redacted here to protect privacy. The nine screenshots imply documentation of internal records, and the post’s content has not been independently verified in this summary. The event underscores ongoing ransomware risks in the healthcare sector and the importance of monitoring leak repositories for updates related to this victim.