[INCRANSOM] – Ransomware Victim: TLD Law[.]com


Ransomware Group: INCRANSOM

VICTIM NAME: TLD Law[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

On September 23, 2025, a leak page associated with the group incransom identified TLD Law[.]com as a victim in the United States. TLD Law[.]com is a Southern California law firm that provides estate planning, business transactions, employment law, real estate, and civil litigation services. The post claims that in September the attackers downloaded corporate information from the victim’s server at tldlaw[.]com and that management decided not to contact the attackers; as a result, the threat actors published a small set of screenshots of internal corporate information. The post characterizes this as a data-leak event and states that personal information of employees, internal mail, and financial information were compromised. The leak page includes 28 image attachments intended to illustrate the data stolen, though the specific contents of those images are not described in the post.

There is no explicit ransom amount disclosed in the material, and the post does not provide a direct contact method. Metadata associated with the leak lists a revenue figure of $30M, likely reflecting the firm’s annual revenue rather than a ransom demand. The material is dated September 23, 2025 (the post date; no separate compromise date is provided). The content emphasizes the risk to clients and employees stemming from the exposure of sensitive information—employee data, internal communications, and financial records—reflecting a ransomware data-leak pattern affecting professional services firms in the United States. The post attributes the publication to the group incransom and relies on 28 image attachments to support the claim, without detailing the exact contents of those images.

