Ransomware Group: SINOBI

VICTIM NAME: Norwest Venture Partners

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SINOBI Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page identifies Norwest Venture Partners, a US-based financial services firm that operates as a global venture capital and growth equity investor. The description notes the firm was founded in 1961 and is headquartered in Palo Alto, California, with offices in India and Israel. The page asserts that Norwest has been compromised by a ransomware incident and that the attackers claim data has been encrypted. The post date is August 9, 2025 (9/08/2025 in the excerpt), which matches the supplied key_date. A substantial dollar amount appears alongside the “Encrypted” claim (about $96,200,000), followed by a date marker, suggesting a ransom demand. The leak page also includes five screenshots as attachments and indicates a claim URL on the page; there are no additional public download links shown in the excerpt. The victim is located in the United States.

The body excerpt reiterates Norwest Venture Partners’ identity as a leading venture and growth equity firm, highlighting its global footprint and historical background. The content frames encryption as the primary impact of the incident, paired with a sizable monetary demand. Five image attachments are referenced, though their exact contents are not described in the excerpt. A claim URL presence signals a formal claim component typical of ransomware leak sites; no download items are listed in the provided data. The page content is in English and has been sanitized to redact personal identifiers beyond the corporate name; the published date, August 9, 2025, is the deemed post date for the leak in this dataset.