Ransomware Group: NIGHTSPIRE

VICTIM NAME: promenade-village-dental, Canada

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware incident involved a Canadian dental clinic, identified as Promenade Village Dental, which was compromised on April 13, 2025. The breach resulted in the leak of approximately 5 gigabytes of sensitive data. The attackers, associated with the group “Nightspire,” revealed the existence of the data breach on their leak site, which is part of a larger ransomware campaign targeting healthcare providers. The posted information indicates that a significant volume of confidential data was exfiltrated, potentially including patient records and internal documents. No specific personal identifiers or PII are disclosed in the publicly available leak information. The site does not show any visual screenshots or downloadable files, but it emphasizes the scale of data loss and the seriousness of the attack.

This incident underscores the cybersecurity vulnerabilities present in healthcare organizations, especially those handling sensitive patient information. The leak message suggests that the group is actively revealing stolen data as leverage for ransom payment negotiations or public exposure, typical in ransomware extortion tactics. The breach’s discovery date is April 22, 2025, indicating that the attack was identified roughly nine days after the initial compromise. The location of the victim in Canada and its association with healthcare make this case a serious concern for patient privacy and institutional integrity. The attack’s specifics, including how the breach occurred, remain undisclosed, but the size of the data compromised signifies a substantial security incident.