Ransomware Group: J

VICTIM NAME: FAI Aviation Group (fai[.]ag) – The biggest leak ever

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the J Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page centers on FAI Aviation Group (fai[.]ag), titled “FAI Aviation Group (fai[.]ag) – The biggest leak ever” and attributed to a publication by a site operator referred to as J Blog. The post is dated September 23, 2025. It identifies FAI Aviation Group (fai[.]ag) as a Germany-based provider of mission-critical aviation services, including fixed-wing air ambulance, private jet charter, aircraft management, and full maintenance, repair, and overhaul (MRO). The attackers are described as claiming the exfiltration of a substantial data volume—over 2.8 terabytes—encompassing both patient personal data (2018–2025) and a wide array of commercial and internal documents. The page enumerates data categories such as patients’ private data (passport identifiers, clinical information, diagnoses, ambulance quotes), commercial documents (offers, order confirmations, quotes, proposals, budgets, price lists), project documentation (technical specifications, calculations, statements of work, letters, and presentations), aircraft and equipment manuals/specifications (manuals, specs, datasheets for flight display systems, avionics, electronic flight bags, and various aircraft types), delivery notes and invoices (including cost comparisons), internal company files (project folders, cost calculations, credits, status reports, and internal communications), supplier information (lists of suppliers and related documents), and personnel records (qualifications, training, authorizations, expiry dates). This framing comes from a description embedded in the page’s content, which also notes that the leak is presented via a description provided by travelhackingtool[.]com as a free aviation data API.

The post indicates that the page includes two downloadable archives named fai.ag_listing.zip and fai-partner[.]zip, along with a leaks download guide linked from the post. It also states that a portion of personal data is attached to the leak. In addition to the data categories, the excerpt neutrally references material describing sensitive content, including a line about “thrashing and disrespect of women issues” involving documents that describe past misconduct. The page also claims the existence of official documents purportedly confirming participation in American missions in Iraq in 2006. There is no explicit ransom amount stated in the available text, but the page presents the data as part of a broader data-leak scenario. The post shows a modest view count (e.g., 132 views) and provides a contact prompt for obtaining more files (defanged) along with two zipped attachments.

Overall, the leak page presents a data-leak narrative focused on FAI Aviation Group (fai[.]ag). It highlights large-scale data exfiltration across multiple categories, including sensitive personal information and extensive internal and commercial documentation, while providing two downloadable archives and a guide. The page contains no images or screenshots in the visible content, and no ransom amount is disclosed in the excerpt. The victim name is preserved in this summary, while other company names referenced within the leak description are not repeated here. The page’s contents emphasize the breadth of data described and the typology of documents purportedly compromised, framed within a publicly posted leak narrative dated September 23, 2025.