Ransomware Group: NIGHTSPIRE

VICTIM NAME: Valentin Hotels

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware attack targeting Valentin Hotels, a hospitality and tourism service provider based in Spain, was discovered on May 20, 2025, one day after the initial attack date of May 19, 2025. The breach involved the leak of approximately 700 GB of data, indicating a significant compromise of sensitive information. The incident is linked to the threat group “nightspire.” Although specific details of the leaked data are not publicly disclosed, the presence of a downloadable data set suggests that substantial internal or client data may have been exfiltrated. The attack appears to be part of a broader series of cyber threats targeting the hospitality industry, with the intruders potentially seeking financial gain through data extortion or other malicious activities.

The ransomware leak page includes visual evidence such as screenshots that may depict internal documents or data, and the leaked files could contain critical or confidential information related to the hotel chain’s operations. No contact or further details are currently available publicly. The attack’s exposure raises concerns about data security in the region’s tourism sector, reflecting the increasing sophistication of cybercriminal operations against hospitality businesses, particularly in Spain. There are no indications of personally identifiable information (PII) being released in the leak, but the volume of data underscores the importance of cybersecurity measures for organizations handling sensitive customer or operational data.