Ransomware Group: LOCKBIT3

VICTIM NAME: pdcm[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LOCKBIT3 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns the victim domain, which operates within the financial services industry in the United States. The victim specializes in providing various types of insurance, including business, group, life, and health coverage. The attack was publicly disclosed on May 1, 2025, at approximately 10:43 PM UTC, with the discovery of the leak occurring shortly afterward at 11:43 PM UTC. The breach appears to have exposed internal data managed by the organization, potentially including sensitive business information. A screenshot linked from the site suggests that internal documents or system interfaces were captured as part of the leak. No personal employee information or third-party data were explicitly indicated as compromised.

The leak page indicates that the attackers have claimed responsibility through the LockBit 3 ransomware group. They have published a claim URL on the dark web, which also includes an image preview of the leaked content. The presence of an information stealer component with unknown data points, and the indication that at least one user account was involved, suggests that malicious code or tools may have been used to gather or monetize the stolen data. No specific download links are publicly visible, but the leak implies that sensitive company data may be accessible to malicious actors. The URL provided on the dark web is hidden behind Tor, emphasizing the covert nature of this operation.