Ransomware Group: INTERLOCK

VICTIM NAME: Pequannock Township School District

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INTERLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Pequannock Township School District, a U.S.-based educational institution, is identified as the victim on a ransomware leak post attributed to the Interlock group. The post date is August 15, 2025 (timestamp 2025-08-15 21:51:48.894616), which is the published date for this leak entry. The page states that roughly 183.2GB of the district’s data has been exfiltrated and presents a dataset-like listing showing a “pequannock (183.2GB)” item alongside prompts that imply searching within folders and subfolders. The page also describes a web-based file management tool identified as Tiny File Manager (a PHP-based solution), which may reflect the environment used to access or stage the stolen data. A claim URL is present on the leak page in a defanged form, but there are no visible downloads or images on the page (downloads_present is false; images_count is 0). The content is framed around data exfiltration rather than an encryption-only event, and no ransom amount is disclosed in the available fields.

The page centers on the asserted theft of data from Pequannock Township School District within the Education sector, with the data volume listed at 183.2GB. No additional attachments or media appear to accompany the post (annotations show no images or links), and the entry identifies the threat actor as Interlock while marking the post date as the publication date. A defanged claim URL is noted for readers to access, but the provided metadata does not include an explicit monetary demand or ransom figure. The presence of a PHP-based file manager reference suggests the attacker’s possible use of a web-accessible tool in the compromise, and the listed data footprint reinforces a data-leak narrative typical of this ransomware family’s posts.