Ransomware Group: SINOBI

VICTIM NAME: Bignault & Carter

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 28, 2025, the Sinobi ransomware group published a leak page targeting Bignault & Carter, a Savannah-based law practice described as focusing on representing Labor Unions and Pension, Vacation, and Health and Welfare Funds in and around Savannah, Georgia. The post portrays Bignault & Carter as a victim of a ransomware incident and presents a narrative consistent with data exfiltration and encryption. The date associated with the leak content is 28 September 2025, identified as the post date; no separate compromise date is provided in the available data. The page reads like a public disclosure of intrusion and potential data exposure tied to the attack, aligning with common ransomware disclosure patterns.

The leak page includes explicit data-related claims: the attackers assert encryption and accompany the narrative with a ransom figure of 5,100,000 USD, dated 28/09/2025 in the surrounding text. The excerpt notes that roughly 250 GB of data is involved, with data categories described as Customer’s data, Confidential, Contracts, and Incidents. The post also presents four images, described only in general terms as screenshots of internal documents or related materials. Taken together, these elements indicate a data-leak scenario typical of ransomware operations, implying both encrypted or exfiltrated data and a monetary demand, while signaling potential exposure of sensitive client, contract, and incident information associated with the victim’s practice.