Ransomware Group: QILIN

VICTIM NAME: parrishleasing[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a transportation and logistics company operating in the United States. The attack was publicly disclosed on April 22, 2025, with a threat to publish stolen files on May 1, 2025. The victim is identified through their domain name, and the leak appears linked to a group called “Qilin.” The incident involves the theft of internal data, as indicated by the included screenshot showcasing internal documents. Although specific details about the compromised data are not provided, the mention of a scheduled release suggests that sensitive operational information or business records have been exfiltrated. The victim’s description highlights a long-established family business with a focus on customer service, headquartered in Fort Wayne, Indiana. The threat actor emphasizes that the stolen files will be made available publicly, which could expose confidential company information.

The leak page features an image of internal documents, implying that the attackers have accessed proprietary or operational data. The attack discovery timestamp suggests the breach was identified on April 22, 2025, shortly after the incident occurred. No PII of employees or customers are explicitly disclosed through the available information, maintaining data privacy standards. The threat to publish the stolen files indicates potential exposure of business records, potentially affecting the company’s operations and reputation. The page contains no links to download the data yet, but the scheduled publication date indicates that confidential information may become publicly accessible soon. This incident underscores the importance of cybersecurity measures for companies involved in logistics and transportation sectors.