Ransomware Group: J

VICTIM NAME: raimore[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the J Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page for raimore[.]com presents a post dated September 29, 2025 (datePublished and dateModified both shown as 2025-09-29 in the embedded metadata). The listing identifies raimore[.]com as the victim and includes a profile that links the domain to Raimore Construction, a licensed general contractor described as operating in the N/NE Portland area since 1999. The publisher is listed as “J Blog,” and the content appears as a structured article excerpt with a reference to a file labeled raimore.com_listing.txt. The post notes a data footprint of about 15 GB and mentions a single downloadable item, along with one link titled “Leaks Download Guide.” A defanged source reference appears in the description, noting “Provided by www[.]travelhackingtool[.]com the only free aviation data API.”

In terms of impact, the post does not explicitly spell out whether systems were encrypted or if data was merely leaked; however, the combination of a 15 GB data footprint and the listing of raimore.com_listing.txt strongly suggests a data-exfiltration event typical of ransomware activity. There is a claim URL indicator present, implying the attackers provide a channel for negotiating terms or presenting a ransom proposition, yet no specific ransom amount is disclosed within the available material. The page contains no images or screenshots (images_count is 0) and includes a single link to a leaks-download guide, rather than a broader image or media gallery.

Overall, raimore[.]com’s leak page aligns with common ransomware-leak formats that publicize a victim and a substantial data footprint without providing explicit encryption details in the visible excerpt. The listed data footprint—approximately 15 GB, accompanied by a revenue figure of $5,600,000—offers an indication of the potential scope of affected data. The presence of the leaks-download guide and a claim URL points to further information or negotiation options, though exact terms or figures are not shown in the supplied content. This assessment draws on the available leak-page data and the accompanying metadata from the source API.