Ransomware Group: SINOBI

VICTIM NAME: Law Offices of James Scott Farrin

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page identifies the victim as the Law Offices of James Scott Farrin, a United States–based legal services firm headquartered in Durham, North Carolina with additional offices across North Carolina and South Carolina. The post is attributed to the Sinobi group and frames the incident as a ransomware-related intrusion affecting a business services organization. The post date is October 6, 2025, and no explicit compromise date is provided beyond the publication date. The page implies that attackers gained access to internal data and that encryption and/or data exfiltration occurred as part of the attack, consistent with ransomware operations.

According to the leak, the attackers claim to have encrypted or exfiltrated a substantial volume of data from the victim—approximately 700 gigabytes—covering data categories described as Customer’s data, Confidential, and Contracts. The post includes a claim URL for ransom negotiation or related details and features three screenshots or images intended to corroborate the breach. The screenshots are hosted on an onion service (the actual URLs are not reproduced here). This presentation aligns with double-extortion ransomware behavior, in which data access and encryption are followed by public disclosure to pressure payment, although no specific ransom amount is disclosed in the available text.

Overall, the page emphasizes the impact on the victim and the sensitivity of the exfiltrated material, while redacting direct contact details. The victim’s name remains the Law Offices of James Scott Farrin. The cited data volume (about 700 GB) and the listed data categories underscore the potential scope of exposure, including client-related records and confidential contracts. The presence of three internal-document images and a ransom-claim channel indicates a conventional ransomware pattern designed to compel payment through the threat of public data release.