Ransomware Group: GUNRA

VICTIM NAME: Varela Hermanos

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the GUNRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim organization identified as Varela Hermanos, operating within the beverage manufacturing industry in Panama. The attack was detected and publicly disclosed on April 23, 2025, shortly after the compromise was discovered. The incident involved the deployment of a malware strain classified as an infostealer, which targeted third-party domains and potentially compromised internal data, with a small number of user accounts affected. The threat actors, associated with the group ‘gunra’, have made a claim URL available via the Tor network, indicating their intention to release stolen data or impact the victim’s operations further. The page includes a screenshot illustrating some aspect of the attack or leaked data, but no sensitive personal or proprietary information is disclosed.

There are indications that the hackers may have stolen data related to third-party entities and possibly internal information linked to the victim. The leak suggests the presence of malicious activity aimed at destabilizing or tarnishing the organization’s reputation. Details about the scope of data stolen are limited, but references to ‘StealC’ and other malware statistics imply targeted information exfiltration. Overall, the leak page serves as a public indication of the security breach, highlighting vulnerabilities in the victim’s cybersecurity defenses. No personal PII is exposed or directly referenced, and the community is advised to consider additional cybersecurity measures to prevent similar attacks.