Ransomware Group: INCRANSOM

VICTIM NAME: terex

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page is attributed to the ransomware actor group incransom and concerns a victim named terex, identified as operating within the Manufacturing sector in Canada. The page presents terex as the targeted entity and includes a description that characterizes the victim as a leading Canadian environmental consulting firm focused on environmental programs for the energy sector, emphasizing regulatory liaison and alignment with regulatory frameworks. The post is dated 2025-10-05 12:00:00.000000, and since no explicit compromise date is listed, this post date is used as the event date for reporting. The page also indicates the presence of a claim URL, signaling that attackers provide a public-facing statement alongside the leak.

The release features a gallery of 24 images or screenshots attached to the post. No downloadable files are indicated on the page (downloads_present is false), and there is no explicit ransom amount shown in the available metadata. The existence of a claim URL and a sizeable image collection aligns with common ransomware extortion patterns, where visual evidence accompanies the public notification of the intrusion. Some image entries include country flag icons, suggesting geographic references or branding cues within the post.

In preparing this summary for publication, personal contact details are redacted and the victim name terex is preserved. The content has been translated to neutral English to preserve context and meaning, and any URLs are defanged in this summary. The available data do not specify whether data was encrypted or exfiltrated, nor is there a stated ransom figure; the emphasis is on the post date, the image gallery, and the presence of a claim page rather than explicit monetized demands.