Ransomware Group: INTERLOCK

VICTIM NAME: Wilsonville Toyota-Scion

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INTERLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak web page pertains to Wilsonville Toyota-Scion, a car dealership based in Wilsonville, Oregon, USA. The company offers a wide range of vehicles, including sedans, hatchbacks, convertibles, coupes, and passenger vans. Founded in 2007, the business operates in the consumer services sector. The leak was discovered on June 25, 2025, and the attack date is recorded as June 25, 2025, indicating a recent incident. Evidence suggests that the attackers have accessed and potentially compromised the company’s internal information. The page features a screenshot of the leaked data and provides a link to the ransom claim URL, which leads to Onion sites hosting the stolen information. The leak does not specify the type or volume of data compromised but indicates a possible data breach involving the company’s internal systems.

The leak site contains images of internal documents, which may include sensitive information relating to the company’s operations. Although no specific personal or PII information is disclosed publicly, the leak raises concerns about the security of the organization’s digital assets. The incident appears to be part of a broader attack group called “interlock.” Importantly, the details provided do not reveal details about any particular individuals or employees. Given the nature of the attack and the evidence presented, the incident underscores the importance of robust cybersecurity measures for businesses in the consumer services sector. The included screenshot visually confirms the leak, and the claim URL directs interested parties to additional data stored on dark web platforms.