Ransomware Group: INCRANSOM

VICTIM NAME: tsaworld[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to TSAworld Inc., a company operating in the retail industry within the United States. The company specializes in providing office equipment and supplies, including projectors, printers, copiers, and scanners, along with related parts and maintenance services. Their operations are based in Peachtree Corners, Georgia, serving clients who require technical office solutions. The compromised data includes a substantial volume of 25GB of information, indicating a significant data breach. The incident was discovered on July 7, 2025, several hours after the initial attack was identified. The leak potentially exposes internal business details, resource links, and operational data.

The leak page includes a screenshot of internal documents, illustrating the nature of compromised information. The breach involves infostealer activity, specifically RedLine malware, which is known to extract sensitive data from affected systems. A download link to the stolen data is present, emphasizing the severity of the incident. While no personal identifiers or PII appear to be disclosed in the provided information, the leak may reveal business-related details that could impact the company’s operations and reputation. No additional press releases or official statements are available, but the page underscores a targeted attack on TSAworld’s infrastructure, with suspected exploitation of third-party or internal vulnerabilities. The incident highlights the ongoing threat landscape faced by organizations in the retail and technology sectors.