Ransomware Group: WORLDLEAKS

VICTIM NAME: Pyramid Global Hospitality

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the WORLDLEAKS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 23, 2025, 17:30:23.000000, the Worldleaks group published a leak page concerning Pyramid Global Hospitality, a Boston-based international hotel-management company that operates more than 100 hotels across the United States, the Caribbean, Ireland, and the United Kingdom. The page identifies Pyramid Global Hospitality as a ransomware victim and includes a claim URL, consistent with other ransomware leak postings that indicate potential public data exposure or ransom negotiations. The post date serves as the timestamp in the absence of a separately stated compromise date. The available metadata does not specify whether encryption occurred or whether data was exfiltrated, nor does it disclose a ransom amount or data size. There are no images or downloadable files on the leak page, and any personal or contact information on the page has been redacted, with only the victim name retained.

Background context indicates that Pyramid Global Hospitality operates as a hospitality and tourism company offering hotel and resort operations, asset management, project management, and acquisition services. The firm, founded in 1999 and based in Boston, is described as operating over 100 hotels across the United States, the Caribbean, Ireland, and the United Kingdom. The leak page follows a standard ransomware-post format and includes a claim page link, though no media or attachments are visible in the provided data (no screenshots or downloadable content). No explicit compromise date beyond the post date is listed, and no ransom figure is disclosed in the dataset. Personal data on the page is redacted, preserving the victim’s name; the entry highlights a risk signal to the hospitality sector without detailed technical specifics.