Ransomware Group: TERMITE

VICTIM NAME: News-Press & Gazette Co[.]

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the TERMITE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page identifies News-Press & Gazette Co. as the target of a ransomware incident. The page presents the victim as a long-established United States–based media organization headquartered in St. Joseph, Missouri, with a broad operations footprint that spans daily newspapers and weekly publications, as well as cable, internet, and digital telephone services, commercial printing, and broadcasting assets. The post is dated September 26, 2025, and, in the absence of a separately stated compromise date, this date is treated as the post date. The page frames the event as a data-leak scenario rather than a pure encryption-focused attack.

The attackers claim they gained access again and exfiltrated approximately 30 GB of personal data. The leak page includes three visual elements described as screenshots, which appear to depict internal materials or documents, though their exact contents are not detailed in this summary. The page also indicates a link to additional data, though the destination is not shown here due to defanging. No specific ransom amount is disclosed in the publicly visible excerpt, leaving the immediate demand unrevealed in the provided data.

Overall, the post underscores the ongoing risk ransomware poses to sizable media organizations, particularly where personal data may be involved. The presence of multiple screenshots and an on-page link suggests the attackers intend to publicly validate their claims and potentially disclose more information. The post date serves as the publication timestamp for the leak content and helps place this event within the broader 2025 threat landscape.