Ransomware Group: RHYSIDA

VICTIM NAME: MDB

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the RHYSIDA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a victim referred to as MDB, a company operating within the technology sector based in the United States. The attack was discovered on April 26, 2025, with the attack date also recorded as April 26, 2025. The group responsible for the attack is identified as “rhysida,” which is known for targeting organizations across various industries. The leak page does not specify the nature or extent of the compromised data but indicates that data related to the victim has been exposed or made available online. No screenshots or direct links to leaked data are present on the page, but the presence of a claim URL suggests potential further details or claims related to the attack could be available. The victim’s company, MDB, was founded in 1977 in Abruzzo, Italy, but has been identified as operating in the US at the time of the attack.

The page includes information indicating that the attack was part of a known ransomware operation grouped under ‘rhysida.’ This group is recognized for launching data breaches and leaks by encrypting organizational systems and releasing sensitive or business-critical information if ransoms are not paid. While the specific data compromised in this incident is not detailed, the exposure under this ransomware family suggests potential public availability of files or documents associated with the victim. The attack date and discovery date confirm a recent event, emphasizing the ongoing threat posed by ransomware groups targeting organizations within the technology sector. Further information such as screenshots or extra details is absent, but the presence of a dedicated URL indicates that additional insights about this incident might be accessible through the relevant sources without exposing sensitive or PII information.