Ransomware Group: TERMITE

VICTIM NAME: News-Press & Gazette Co[.]

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the TERMITE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

News-Press & Gazette Co. is described on the leak page as a long-standing United States media and telecommunications organization. The company publishes daily newspapers and weekly publications, provides cable, internet, and digital telephone services, and offers commercial printing services such as Web and sheet-fed printing. It also operates television and radio stations and traces its roots to 1845, with headquarters in St. Joseph, Missouri. The leak page attributes the incident to the threat actor group Termite and identifies News-Press & Gazette Co. as a ransomware victim. The post is dated 2025-09-26 15:53:36.303000; in the absence of a separate compromise date, this is treated as the post date.

From the post’s update, Termite asserts that they attacked News-Press & Gazette Co. again and stole roughly 30 GB of personal data. The event is presented as a data-leak (data exfiltration) rather than an encryption incident. The leak page includes three image attachments, which appear to be screenshots or captures of internal materials, though the contents of those images are not described in detail. There is no publicly stated ransom amount in the available text, and the page does not display a monetary demand. The metadata indicates a claim URL is present, suggesting the attackers provide an additional channel for information or further posts elsewhere.