Ransomware Group: LOCKBIT3

VICTIM NAME: ende[.]bo

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LOCKBIT3 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak concerns the entity associated with the domain ende.bo, which is identified as the National Electricity Company of Bolivia. The compromised data was discovered on April 16, 2025, and the attack occurred on the same day with a report timestamp of shortly afterward. The attacker group responsible for this incident is identified as LockBit 3.0, a notorious ransomware group known for targeting critical infrastructure and large institutions. The leak page provides an overview of the victim’s activities related to electrical services, highlighting the strategic importance of the organization. The disclosure includes a screenshot depicting internal documents or sensitive data, indicating a significant data breach.

The leak page mentions the presence of various infostealer tools used during the attack, including Lumma, Raccoon, RedLine, StealC, Vidar, and an unknown variant. The compromised data appears to contain information on employee counts, third-party relationships, and potential user data, though no personally identifiable information (PII) or specific leak details are explicitly shared in this summary. Download links or data sets are implied but not directly included here. The publication emphasizes the attack’s impact on the victim’s operational infrastructure and suggests that sensitive information related to the company’s internal operations may have been exposed.