Ransomware Group: LOCKBIT3

VICTIM NAME: gruppocogesi[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LOCKBIT3 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertaining to the victim identified as CO.GE.S.I. outlines significant details about the organization’s activities and their specialized focus. CO.GE.S.I. has established its role in providing technical and administrative support regarding urban planning applications, particularly concerning building regularization requests as per the D.P.R. n. 380/2001 regulation. The extract indicates that the victim’s website is graced with a screenshot, showing the critical nature of the information presumably contained on the compromised site, illustrating their operations and possibly showcasing sensitive data.

According to the leak, the information was first published on March 2, 2025. The page from which this information is derived does not indicate specific compromise dates, but it is essential to note the association with the LockBit 3 ransomware group. This group is known for targeting organizations to extract sensitive information, and the presence of a potential leak suggests that the victim’s data might be under threat. The organizational context suggests that their operations could involve third-party interactions, but the current report does not disclose the number of employees or detailed external collaborations. Notably, there are no direct download links mentioned, yet the presence of a screenshot indicates the potential for exposed internal documents.