The Rhysida ransomware group has allegedly targeted Trans-Tex, a prominent US-based printing company. The group has added Trans-Tex to its dark web leak site, claiming to have exfiltrated a significant amount of sensitive data. Trans-Tex, located in Cranston, Rhode Island, is known as a leader in the narrow web dye sublimation printing industry, with over 25 years of experience. The attack places the company’s confidential and operational data at severe risk of exposure.
The threat actors are auctioning the allegedly stolen data, setting a 7-day deadline for the sale. According to their post, the data is being sold exclusively to a single buyer for a price of 5 BTC. Proof of the breach was provided in the form of screenshots displaying various internal documents. This public auction tactic is designed to pressure the victim company into paying the ransom to prevent the widespread dissemination of their sensitive information.
Based on the evidence shared by the Rhysida group, the compromised data allegedly includes a variety of financial and business documents. The sample files displayed on the leak site suggest the following types of information were exfiltrated:
- Employer’s Quarterly Federal Tax Returns (Form 941)
- Purchase Orders
- Invoices
- Other sensitive business and financial records
