Ransomware Group: KILLSEC

VICTIM NAME: Sama

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the KILLSEC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page reports an incident involving the victim entity identified as “Sama.” The attack was discovered on May 26, 2025, and the breach is noted to have occurred on the same day, indicating a recent security incident. The page includes a screenshot that appears to show internal data or related information, which provides visual confirmation of the leak. The content does not specify the nature of the compromised data or the extent of the infiltration, but it suggests that malicious actors have accessed sensitive information associated with the victim. No specific attack details, such as methods or targeted systems, are provided, but the presence of a dedicated claim URL indicates active engagement from the threat group responsible. Download links or leaked data files are implied but not explicitly listed in the summary.

The leak page is associated with the group “killsec,” known for ransomware and data theft activities. The victim’s industry or geographical location remains unspecified, and there is no publicly available information about the number of employees or third-party involvement. The visual evidence, including the screenshot, hints at a targeted intrusion, potentially involving data exfiltration or ransom demands. The lack of detailed descriptions or additional context suggests either ongoing negotiations or an early stage disclosure of the breach. Overall, this incident highlights a recent ransomware attack targeting an entity named “Sama,” with visual proof of the data leak and active threat actor engagement.