Ransomware Group: INCRANSOM

VICTIM NAME: RETAL Baltic Films

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with RETAL reveals significant details regarding the company’s operations and impact following the compromise. RETAL has been engaged in providing comprehensive packaging solutions for over two decades, with a vast network of 19 production sites spanning 10 countries. Their services extend across more than 70 nations globally, emphasizing a strong presence in Europe, Asia, Africa, and the Americas. The group’s headquarters is located in Limassol, Cyprus. The leak highlights the company’s extensive reach in both food and beverage sectors as well as non-food markets, showcasing its commitment to excellence in manufacturing and service delivery. This information may indicate potential vulnerabilities affecting their operations and customer relations.

The post announced on January 21, 2025, discusses the company’s parent organization, RETAL Industries Ltd., and its strategic acquisitions, such as Plastec S.R.L. in Italy, a known PET container manufacturer. This acquisition underscores RETAL’s objectives in enhancing its product offerings and operational capabilities. The ransomware group behind the breach, identified as ‘incransom’, has published the leak, suggesting the possibility of sensitive operational information being exposed. Notably, the page includes a screenshot that depicts internal documents, indicating the severity of the data leak. Furthermore, while download links may exist within the content of the leak, specifics regarding this were not disclosed. This situation necessitates immediate attention to secure systems and mitigate further risks.