Ransomware Group: NIGHTSPIRE

VICTIM NAME: Ertl ELECKTRO FELDBACH

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Ertl ELECKTRO FELDBACH, a company based in Austria. The attack date is listed as May 18, 2025, indicating when the breach was reportedly committed. The leaked data involved approximately 50 GB of information stored or managed by the organization. This incident was discovered on May 20, 2025, suggesting the breach was identified two days after the attack. Although specific details about the nature of the files leaked are not provided, the size indicates it could include a significant volume of sensitive or operational data. The threat group associated with the attack is identified as “nightspire,” a known malicious actor involved in similar ransomware campaigns.

The leak page does not include visible screenshots or explicit evidence of the compromised data, but typically such pages may contain references or links to data dumps or associated files. No direct download links or images are provided here, but the mention of data size signals potential data exfiltration. Since the activity status is marked as “Not Found,” it is likely the current visibility of the leak remains uncertain or that the data has been taken offline. The attack appears to be targeted at the industrial or infrastructural sector given the company’s profile, though specific activity details are not specified. The incident underscores the ongoing threat posed by ransomware groups targeting organizations in Austria and elsewhere.