Ransomware Group: INCRANSOM

VICTIM NAME: stalkerradar[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 5, 2025, a ransomware leak post attributed to the group incransom targets stalkerradar[.]com, the domain associated with Stalker Radar. The page presents stalkerradar[.]com as a victim in a ransomware-style data-leak event and includes a claim that a large volume of data was exfiltrated from the victim’s network. The site lists a data quantity of roughly 59.7 GB. The accompanying description provides corporate context for the victim, identifying it as a U.S.-based manufacturing entity with about 142 employees and approximately $25.3 million in revenue; the industry label on the page shows Manufacturing. The post includes a redacted contact line in the narrative and a claim link, but no ransom amount is disclosed in the provided metadata. The leak is framed as a public announcement by incransom and is accompanied by a set of image attachments to illustrate the claim.

The leak page notes that it contains 21 image attachments. These images appear to be visuals such as screenshots or document-style images that accompany the leak, though their exact contents are not described in detail. The presence of a claim link (claim_url_present: true) suggests an attempt to substantiate or broadcast the breach, while the overall data size implies a substantial data dump rather than a simple encryption event. PII in the post’s text is redacted, including any phone numbers; the victim’s name remains stalkerradar[.]com, in line with the page’s focus, and the metadata confirms incransom as the issuing group. No explicit ransom figure is publicly provided within the available summary data.

From a defensive standpoint, the listing of a sizable data dump (about 60 GB) alongside a public claim and multiple visuals aligns with the common ransomware leak pattern observed in double-extortion campaigns. The post date serves as the published date for the leak, with no separate compromise date provided. Security teams should monitor for additional leak updates from incransom related to stalkerradar[.]com, review existing access controls and data handling processes for the relevant assets, and consider reaching out to affected stakeholders if indicators of exposure surface in other sources. The victim name is retained as stalkerradar[.]com for consistency with the leak, while non-essential identifiers and contact details remain redacted to protect privacy.