Ransomware Group: CACTUS

VICTIM NAME: northernresponse[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CACTUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with Northern Response presents an extensive amount of sensitive information detailing the company’s significant data breach. Based in Ontario, Canada, Northern Response has been operating in the retail sector since 1984. The company prides itself on its diverse marketing strategies that leverage multiple platforms, including online channels such as TikTok and Instagram, enhancing its brand visibility and distribution. The leak indicates the presence of 366GB of data, with approximately less than 1% disclosed, although specific sensitive details regarding the breach are not available. The financial aspect highlighted suggests revenue of $17.4 million, reflecting the company’s substantial position in the retail market.

According to the leak information, various types of data have been compromised, including Personal Identifiable Information (PII), which encompasses customer databases, as well as employees’ and executives’ personal folders. Additionally, corporate resources including OneDrive data, financial records, legal documents, contracts, NDAs, and correspondence have also been exposed. The fact that multiple download links for the data were mentioned but categorically stated as “not present” raises concerns regarding the secure management of the leaked information. The page features several images; however, these are sanitized and summarize the sensitive content rather than presenting direct information.