Ransomware Group: J

VICTIM NAME: Virtual Projects (virtualprojects[.]build)

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the J Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Virtual Projects (virtualprojects[.]build) is described in the leak page as a Denmark-based construction and engineering firm that emphasizes BIM-enabled solutions and disruptive technologies. The post, dated 2025-09-29, frames the incident as a ransomware-related data-leak event, stating that a substantial volume of data—approximately 486 GB—was exfiltrated and that the company reported revenue of about 17.2 million USD. The page does not publish a ransom amount or explicit encryption status in the excerpt; instead, it presents a typical data-leak narrative associated with ransomware campaigns. The leak page provides two downloadable resources (a leaks download guide and a sample data archive) and references a listing file. There are no screenshots or images displayed on the page according to the metadata.

Regarding the data exposed, the page enumerates a broad set of sensitive material reportedly included in the leak. It describes employee records—including HR letters, offer letters, employment contracts, certificates, and personal documents (such as copies of IDs, passports, and photos) along with social insurance and visa documentation); financial and accounting data (bank statements from 2015–2023, treasury transactions, income tax calculations, VAT and salary reports, and bilingual financial statements); project and proposal materials (BIM proposals and implementation plans, presentation decks, sample videos); HR and benefits data (medical insurance records, employee photos, and master data sheets); and miscellaneous items (personal expense receipts, domain renewals, software licenses, scanned invoices, including WhatsApp images). The page notes a sample data archive (virtual-sample-data[.]zip, about 982 KB) and a listing file (virtualprojects.build_listing.txt) along with two external links: Leaks Download Guide and the sample data ZIP. There are no images or screenshots on the leak page, and the excerpt does not disclose an explicit ransom figure. The post date remains 2025-09-29, with no separate compromise date provided in the data.