Ransomware Group: WORLDLEAKS

VICTIM NAME: DARA Pharma

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the WORLDLEAKS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns DARA Pharma, a Spanish manufacturing company specializing in designing and producing machinery for the pharmaceutical, biotech, and cosmetic industries. The attack date is recorded as July 20, 2025. DARA Pharma is recognized for creating customized, high-quality equipment such as filling and labeling lines suited for liquids and powders in various containers. The leak indicates that sensitive or potentially proprietary information from the company has been compromised and made available online by the threat actors. The publication of such data may impact the company’s operations, reputation, and client trust, emphasizing the importance of cybersecurity measures in protecting industry-specific information.

The leak includes visual evidence, such as a screenshot linked via a provided URL, which appears to depict internal data or documents related to DARA Pharma’s operations. Although specific compromised files or data types are not detailed, the presence of a leak on a known dark web platform suggests the attackers may have acquired confidential business information or technical specifications. The incident was discovered on July 21, 2025, a day after the attack. DARA Pharma’s website remains accessible, but the breach underscores vulnerabilities within their cybersecurity infrastructure. No personal or PII details are noted in the available information, maintaining confidentiality and focusing on the company’s industrial activities and possible data exposure.