Ransomware Group: QILIN

VICTIM NAME: universalwindow[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Universal Window and Door, LLC, a US-based manufacturer specializing in custom window solutions for historic restoration and commercial projects. The breach was discovered on April 17, 2025, and the compromise was confirmed shortly thereafter. The leak page indicates that sensitive business information from the company may have been accessed or compromised, with potential exposure of internal data. The leak’s details are accessible via a provided underground URL, which is linked to the Qilin ransomware group. The page includes a screenshot of internal documents, suggesting the attackers have access to company data. No personal identifiers or PII are included in the disclosed information.

The leak suggests that data related to the company’s operations, contracts, or internal communications might have been leaked, posing a risk to its confidential information and ongoing projects. The manufacturing sector involved is focused on bespoke window products, indicating the breach could impact project timelines or corporate integrity. The leak page does not specify exactly what data has been leaked but warns of the nature of the attack and the group’s capabilities. Download links or data samples are present, which could further compromise proprietary information if accessed. The inclusion of a screenshot showing internal documents emphasizes the seriousness of the breach, even though no explicit PII appears to be shared publicly.