Ransomware Group: INTERLOCK

VICTIM NAME: DaVita

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INTERLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page relates to DaVita Inc., a healthcare company specializing in kidney dialysis services for patients with chronic kidney failure in the United States. The information indicates that the attack was discovered on April 25, 2025, and involved a malicious cyber incident on April 12, 2025. The breach resulted in the encryption of certain parts of the company’s network, leading to disruptions in some operations. DaVita responded promptly by activating cybersecurity protocols and isolating affected systems while investigations continue. The incident’s full impact on ongoing services remains undetermined. The page includes a screenshot of internal documents, suggesting possible data exposure, but specific details have been redacted to protect sensitive information.

The compromised data appears to include information related to the company’s activities in healthcare, particularly nephrology services, outpatient dialysis, clinical laboratories, and related healthcare programs. The incident’s severity is underscored by the presence of multiple infostealer statistics linked to malware families such as Raccoon, RedLine, and others, indicating targeted data theft. Download links or leaked data may be present on the leak site, but explicit URLs and details are omitted here. The breach affects approximately 801 users and involves various third-party entities. The company’s official response and ongoing investigation suggest that the attack is being actively managed, with further updates expected as the situation develops.