Share this article on:
Powered by MOMENTUMMEDIA
Breaking news and updates daily.
Customer folders, insurance details, and hardware inventories have all been shared on the dark web following an alleged ransomware attack claim.
The KillSec ransomware gang has listed Australian creative content agency Fancy Films as a victim on its dark web leak site.
The agency was listed by KillSec on 1 April, alongside Queensland-based IT service firm Hexicor and 12 other victims.
KillSec has not shared how much of Fancy Film’s data has been stolen, nor its ransom demand, but it is offering the data for sale, either for the victim to “purchase” or any other interested party.
“Company can pay for data deletion, and non-company related individuals may contact us to reach an agreement for data purchase,” KillSec’s boilerplate leak post said.
“If you are an authorised representative to negotiate on behalf of this company, submit your application via the session messenger.”
The ransomware gang has, however, shared several screenshots and partial documents as evidence of the apparent hack. Included are file and folder directories, a long list of folders representing Fancy Film’s many Australian clients, insurance policy documents, and inventories of computing and video editing hardware in Fancy Film’s possession.
As of the time of writing, the data will be published within seven days, according to a countdown on KillSec’s leak post.
KillSec has been active since at least October 2023, and the operation rebranded as a ransomware-as-a-service operation a year later in June 2024. The gang currently ranks as the 23rd most active ransomware group today, with 204 victims since it began operating.
"KillSec spun up around October 2023 following a public search for talent, and since that time has built and operated an active Ransomware as a Service (RaaS) platform. The group is known for its willingness to leverage both double extortion hacking and opportunistic use of already leaked or exposed data," Matt Green, Principal Threat Analysis at Rapid7, told Cyber Daily.
"KillSec has remained highly active in 2025 and its victims have historically come from industries including healthcare, finance, and government. The group appears to have no strong geographic preference beyond avoiding CIS (Commonwealth of Independent States - Russian influence) countries.
"The variety in victim size and industry reflects an opportunistic strategy rather than targeted campaigns, indicating KillSec will go after any vulnerable organisation. The uptick of victims within Australia showcases the trend in targeting less security-mature organisations in wealthier countries, where ransom payments tend to be more lucrative."
Fancy Films is based in St Kilda, Victoria, and offers a range of video-related marketing services, including documentary-style content, B2B videos, branded content, and media training for CEOs and executives.
“Specialists in stakeholder engagement, we partner with our clients to help connect with their most important audiences – their employees, customers, stakeholders and their industries by creating high-quality, strategic video content and digital assets,” the company said on its website.
Fancy Films’ clients from across the Asia-Pacific region include the Victorian government, the ASEAN group of nations, Coles, and Australia Post.
Cyber Daily has reached out for commentary on the incident but has yet to receive a response from Fancy Films.
UPDATED 0304/25 to add Rapid7 commentary.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.