Ransomware Group: NIGHTSPIRE

VICTIM NAME: Calcadawines

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Calcadawines, a company involved in agriculture and food production based in Spain. The breach was publicly disclosed on May 24, 2025, approximately one day after the attack was reported. The attackers, identified as part of the group “nightspire,” claimed to have stolen a substantial data volume of around 70 GB. The attack targeted Calcadawines’ operations, potentially impacting their internal systems and data integrity. No specific details about PII or sensitive data are publicly available, and there is no evidence of compromised employee or third-party information. The incident highlights the ongoing cybersecurity threats facing agricultural companies operating in the region. The ransomware group appears to have taken screenshots of internal information, but no further sensitive content has been revealed publicly through the leak page. There are no available download links or explicit references to leaked documents at this time. The attack underscores the importance of robust cybersecurity measures in the food production sector to prevent and mitigate similar incidents. –>

Calcadawines, a notable player in the agriculture and food sector in Spain, experienced a significant cybersecurity incident leading to data exfiltration by the threat group “nightspire.” The attack occurred on May 23, 2025, and was publicly disclosed the following day, indicating an active breach that may have affected internal operations. Approximately 70 GB of data was reportedly stolen, although specific contents or types of compromised information have not been detailed publicly. The attack serves as a reminder of the vulnerabilities faced by companies in the food and beverage industry, which are increasingly targeted by ransomware groups seeking sensitive business information. The ransomware group’s claim suggests they may possess internal documents or operational data, but no explicit leak of PII or customer data has been observed. The incident reinforces the critical need for organizations in this sector to enhance cyber defenses and monitor for signs of intrusions to safeguard sensitive information and maintain operational resilience. No download links or leaked files are currently available from the leak site, and the attackers’ actions appear primarily focused on data theft rather than public exposure at this time. The breach demonstrates the evolving threat landscape faced by industry sectors vital to food security and supply chains worldwide. –>