[INCRANSOM] – Ransomware Victim: VZW Avalon
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On 2025-10-31 05:05:00.000000, a leak page published by the ransomware group incransom concerns VZW Avalon, a Belgium-based telecommunications operator. The post identifies the victim’s industry as Telecommunication and describes the incident as a data-leak event rather than a standard encryption claim, based on the available data. The page catalogs a data package consisting of 38,554 files totaling 31,312,417,174 bytes (about 31.3 GB) as the material tied to the breach. The presence of a claim URL (defanged) suggests the attackers include a link to ransom-related notes or instructions, though the exact ransom figures or terms are not disclosed in the provided data. The summary indicates that the attackers publicly posted a portion of the stolen material rather than claiming encryption with a ransom note.
In terms of visuals, the leak page shows no screenshots or images, and there are no additional downloadable files or external links listed beyond the defanged claim URL. The input data records zero images, zero downloads, and zero links, indicating the page relies on a textual data listing and the single claim reference. No personally identifiable information such as emails, phone numbers, or addresses is visible in the provided data, and any such details have been redacted; the only explicitly named entity retained is the victim, VZW Avalon. The dataset size and file count suggest substantial data exfiltration from the telecommunications operator rather than a simple encryption indicator.
Defensive takeaway: This leak demonstrates the ongoing risk to telecommunication providers from ransomware operators who publicly exfiltrate large data sets. Organizations should review their data governance and incident response plans, monitor leak sites for postings mentioning their name, and verify whether any exposed data pertains to their operations. The post is dated 2025-10-31, marking the public release date of this particular victim’s data on the incransom page.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
