Ransomware Group: BLACKBASTA

VICTIM NAME: granbyindustries[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BLACKBASTA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with Granby Industries documents a significant breach involving a leading manufacturer and distributor in North America. Founded in 1954, Granby Industries specializes in storage tanks and heating products, with operations primarily across the United States and Canada. The page provides insight into various types of data reportedly compromised, amounting to approximately 1.2TB in total. This encompasses sensitive information such as corporate data, financial records, accounting details, payroll information, and personal documentation related to employees. Additionally, the leak indicates the presence of various other categories of data including human resources documents, tax forms, and research and development materials.

The published date of this data leak is January 11, 2025. Notably, the group claiming responsibility for this attack is identified as “blackbasta.” The page additionally features a screenshot which may include visual representations of internal documents and potentially sensitive information, presented in a non-explicit manner. While the leak mentions the types of data involved, there are no specific details divulged regarding individual employees or third parties, thereby maintaining a degree of anonymity. It should be noted that the disclosed URL leads to an onion site, indicating that the content is meant for access via the dark web, emphasizing the gravity of the breach and the threat it poses to the company’s operations and stakeholder trust.