The Reveal Platform
The Punjab Forensic Science Agency is a modern science center run by the Punjab government in Pakistan. It studies evidence for criminal cases using labs like DNA, toxicology, and computer forensics. The agency helps the police and courts by giving accurate and fast scientific reports. PFSA is known for its good equipment, skilled staff, and efforts to improve crime investigation in Pakistan.
Beast ransomware came out in 2022 as an improved version of the older “Monster” ransomware. It works as a Ransomware-as-a-Service, meaning different hackers can use it and customize it for Windows, Linux, and VMware ESXi systems. It has many advanced features like strong encryption, fast processing, killing services, deleting backups, and scanning nearby computers. Its tools let affiliates easily create and use their own versions. Although its abilities are well known, there is not much public information about its victims or leak-site activity.
On November 7th 2025, Punjab Forensic Science Agency (PFSA) experienced a significant data breach, exposing over 900GB of sensitive forensic records. The breach included crime scene evidence, DNA data, and details about ongoing criminal investigations. Hackers reportedly gained access to the agency’s systems, putting public safety and law enforcement efforts at risk. The exposed data could potentially be used to compromise ongoing cases or investigations.
The below screenshot about the document is a Computer Forensics Analysis Report from the Punjab Forensic Science Agency. It details the forensic examination of two mobile phones submitted by ASI Abid Ali Qureshi on 20th October 2023. The phones (both Vivo models) were analyzed for data related to WhatsApp, Facebook, multimedia files, and deleted content. The examination was done using tools like Oxygen Forensic Detective and UFED, and it provided technical details like device information, IMEI numbers, and SIM card data. The analysis aimed to assist in the investigation related to the case number 169/2023.
The below image is a payroll list from the Punjab Forensic Science Agency, showing details of employees in various forensic science departments. It includes the employee names, job titles, their assigned department, employee ID numbers, and their respective salaries.
The below screenshot is the document is a monthly salary statement for one of the Employees. The payslip shows the gross pay, deductions (like income tax), and net pay after deductions. It also highlights any recoverable amounts and provides the employee’s bank account details for salary deposit. Additionally, the document includes a note confirming that it’s a computer-generated payslip, and therefore, no signature is needed for validation.
The below screenshot shows a Pakistani National Identity Card. It displays the cardholder’s name, with a date of birth. The card also shows that the person is male, his father’s name, and his place of birth. The card includes a national identification number, a photograph, and official seals for verification. It serves as an official document for identification in Pakistan.
The below image is a 32-A Challan Form showing a payment of Rs. 150,000 deposited to the Punjab Forensic Science Agency (PFSA). It includes details such as the depositor’s name, the PFSA account/receipt number, and the purpose of payment. The form has official signatures and stamps confirming that the amount has been received and processed.
The PFSA data breach serves as a stark reminder of the critical need for robust cybersecurity measures, especially when dealing with sensitive data that is crucial for public safety and the justice system. Ransomware groups like BEAST are increasingly targeting government agencies, healthcare institutions, and law enforcement bodies, making it clear that no sector is immune from cyber threats.
By implementing strong cybersecurity protocols, organizations can better protect themselves against the growing threat of ransomware and similar attacks. Regular backups, encryption, access controls, and employee training are essential steps in safeguarding sensitive data.
Ultimately, as the frequency and sophistication of cyber attacks continue to rise, proactive security measures will be the key to preventing the next big breach. The PFSA data breach may have been a devastating incident, but it provides valuable lessons that can help other organizations bolster their defenses against future cyber threats.
