Ransomware Group: WORLDLEAKS

VICTIM NAME: Canadian Rocky Mountain Resorts

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the WORLDLEAKS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Canadian Rocky Mountain Resorts, a hospitality company located in Canada. The attack was publicly disclosed on May 30, 2025, and the incident involved data compromises affecting their operations in renowned destinations such as Banff, Lake Louise, and Moraine Lake. The company is known for its scenic accommodations and outdoor activities, including hiking, fishing, and wildlife viewing, serving tourists seeking luxury experiences in the Canadian Rockies. While specific details of the data breach are sparse, the leak suggests that internal or customer-related information may have been compromised. The page includes a screenshot of what appears to be internal documents or system interfaces, indicating potential exposure of operational or organizational data. The leak might involve sensitive information, but explicit details are not provided to ensure privacy and security.

The leak page features a link to the ransomware group’s claim URL, but no downloadable data or files are directly available. It underscores the seriousness of the incident for the hospitality sector, emphasizing the importance of cybersecurity measures to protect guest and corporate data. The incident’s discovery was recorded on May 30, 2025, and the breach appears to be part of a broader campaign targeting hospitality businesses globally. The inclusion of a relevant screenshot suggests that internal images or documents linked to the company’s operations may have been accessed or threatened. Overall, this event highlights the ongoing cybersecurity risks facing companies in the tourism industry and the necessity for robust defenses to prevent or mitigate such attacks.