Ransomware Group: HANDALA

VICTIM NAME: IM Cannabis

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the HANDALA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page belonging to IM Cannabis details significant allegations regarding the unauthorized access and exploitation of their corporate infrastructure. The hackers claim to have compromised more than 23 organizations linked to IM Cannabis, asserting that they have acquired extensive confidential documentation, including sales records, human resource information, and customer data. The page makes specific reference to a strong connection with A.G.A.S, alleging that this was the entry point for the hacking endeavor. The claim suggests that the breach entails a substantial volume of data, reportedly amounting to 64 GB, along with more than 50,000 confidential documents being prepared for release.

IM Cannabis operates primarily within the medical cannabis sector in Israel and Germany, previously also maintaining operations in Canada. The leak page presents a stark portrayal of the company’s business practices, hinting at them being entwined with illicit activities. A notable point of concern raised in the leak is the operation of a supply chain attack, further emphasizing the severity and potential ramifications for both IM Cannabis and its customers. The team behind the attack, identifying themselves as Handala Hack Team, has emphasized the ongoing threat posed to the company’s infrastructures, including assertions that their access remains live. The page indicates an urge for transparency, posing a challenge to IM Cannabis management regarding their communications with customers regarding the incident.

The leak page includes several provocative claims without revealing specifics of the stolen data. It aims to provoke discussion about regulatory compliance and safety in the cannabis distribution sector. Furthermore, the hackers reference email communications and other personal commentary, highlighting a cynical view of the management’s handling of information security. The page also alludes to the existence of images and documents that could potentially be harmful if seen by the general public. Stakeholders in the industry are urged to remain vigilant and reconsider the risk and security measures surrounding their data management and operational integrity.