Ransomware Group: INCRANSOM

VICTIM NAME: seasonsfour[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a retail business operating in the United States, specifically Seasons Four, which specializes in outdoor furniture, garden accessories, and related products. The attack was discovered on July 24, 2025, approximately seven hours after the attack date of July 24, 2025, at 15:47 UTC. The incident involves potential data exfiltration or compromise of sensitive business information, including details about the company’s operations, contacts, and possibly internal documents, as indicated by the presence of a screenshot showing internal material. The leak may include data that could impact customer trust and business operations, although specific sensitive information has been obscured or redacted in the public release.

The page includes a prominent screenshot, which may show internal documents or business details, but no explicit PII or customer information is disclosed publicly. Additional indicators suggest the attackers have gained access to business data, and a claim URL has been provided, which leads to a secure onion site for further claims or negotiations. The victim’s website is active in the retail industry with a focus on outdoor living, and the business remains operational, with no immediate indication of disruption from the attack beyond the leak. The entire incident highlights the ongoing threat to small and medium-sized retail businesses from cybercriminal groups employing ransomware techniques.