Ransomware Group: NIGHTSPIRE

VICTIM NAME: Simalga

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to a victim organization located in Spain, identified as Simalga. The breach was discovered on May 22, 2025, and reportedly involves the exfiltration of approximately 600 GB of data. The attack was attributed to the Nightspire group, which is known for targeted ransomware operations. The incident resulted in the release of various types of sensitive information, with the leak including data associated with multiple infostealer tools such as Lumma, Raccoon, RedLine, StealC, Vidar, and an unknown category, totaling over 50 different infostealer statistics. The leaked data indicates involvement of several third-party entities, suggesting potential supply chain or partner vulnerabilities, although specific details remain undisclosed. The attack appears significant, with active data sharing and ongoing updates since the incident was first discovered. The public leak includes screenshots and possibly other visual evidence, yet specific content details are not provided. The attack highlights the persistent threat posed by ransomware groups targeting organizations across various sectors, emphasizing the importance of cybersecurity vigilance.

While detailed information about the attacker’s motivations or exact data contents is not publicly available, the leak suggests that the affected organization’s exposure could include confidential internal information or operational data. The breach’s impact is underlined by the sizable 600 GB data leak and the involvement of multiple infostealer tools, which may have been used to exfiltrate data. Such incidents underscore the importance of robust cybersecurity practices, including regular security audits, comprehensive data backups, and vigilant monitoring for suspicious activity. Although the specific nature of the compromised information is not disclosed, the incident aligns with recent trends of ransomware groups leaking data to exert pressure and enhance their leverage over victims. Organizations should consider these threats seriously and implement protective measures to prevent similar breaches in the future.