[WARLOCK] – Ransomware Victim: orange[.]com


Ransomware Group: WARLOCK

VICTIM NAME: orange[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the WARLOCK Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The leak page identifies orange[.]com as a victim in the Telecommunication sector, based in France. The available metadata indicates a post date of August 9, 2025. The page’s description states that only a portion of the files and file list are shown and that the full set of files must be purchased separately. There are no downloads, images, or attached documents displayed on the page, and there are no visible screenshots. A claim URL is indicated on the page, suggesting that additional data or negotiation options may be available beyond what is publicly shown. Taken together, the content points to a data-exfiltration style post rather than a simple encryption notice, with no explicit ransom figure disclosed on the page.

Because no explicit compromise date is provided beyond the post date, the provided key_date is best treated as the post date (August 9, 2025). The leak page does not present direct evidence of encryption or a disclosed ransom amount, and there are no visible samples, files, or screenshots to review. The combination of a partial file listing and a claim URL is consistent with common ransomware extortion patterns where attackers monetize stolen data by offering access to the remainder after payment. For orange[.]com, the page signals a data-leak/extortion scenario affecting the French telecommunications sector, while the exact scope of data taken and any monetary demands remain undisclosed on the leak page.

