Ransomware Group: SPACEBEARS

VICTIM NAME: All Truck Transportation Co

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SPACEBEARS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 19, 2025, the ransomware group spacebears published a leak page alleging a breach of All Truck Transportation Co, a United States–based transportation and logistics provider headquartered in Chicago, Illinois. The post frames the incident as a data-leak event rather than a pure encryption incident, claiming that attackers exfiltrated sensitive corporate data including a database, financial documents, and personal information of employees and clients. The leak page includes a downloadable file and a single download link, along with a claim URL for further action. It also presents three images that appear to be screenshots of internal materials offered as evidence of data exposure. The page references the victim’s site in a defanged form: hxxp://www[.]alltruck[.]com/.

At the top of the post, views are listed at 70, indicating the page has drawn some attention from readers. The post does not disclose any ransom amount or explicit encryption details, instead emphasizing data exfiltration and the potential for public release or resale of the stolen information—patterns commonly associated with double-extortion ransomware operations. The body excerpt describes All Truck Transportation Co as a long-established Chicago-area company within the Transportation/Logistics sector, noting the types of data allegedly captured (including financial documents and personal information of employees and clients) and pointing to a downloadable file and three images as part of the evidence. The three images are mentioned as attachments but without detailed descriptions of their contents.

From a threat intelligence perspective, the leak page signals ongoing risk to the Transportation/Logistics sector in the United States, particularly regarding the exposure of financially sensitive records and personal data. The combination of a downloadable file, multiple screenshots, and a claim URL under the spacebears banner aligns with known ransomware leakage patterns intended to pressure victims. The post date, derived from the provided data, is August 19, 2025; the page does not specify a separate compromise date. No ransom figure is shown in the post, and no encryption status is explicitly confirmed beyond the claimed data exfiltration.