Ransomware Group: QILIN

VICTIM NAME: www[.]nelson[.]edu

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The recent ransomware incident involves Nelson University, an educational institution. The attack was discovered on April 16, 2025, and the threat actors associated with this breach are identified as part of the “Qilin” group. The compromised data includes a significant volume of personal records belonging to employees and students. According to the threat actors, all this sensitive information is set to be published publicly by April 24, 2024, unless the organization pays the requested ransom. The leak page features a screenshot of some of the leaked content, indicating the serious nature of the breach and the threat to privacy. The leaked data is accessible through a dark web link provided by the attackers.

The breach highlights the targeted sector of education, with potential exposure of personally identifiable information of numerous individuals associated with Nelson University. The threat suggests that a substantial amount of sensitive data will be made available publicly if ransom demands are not met. The leak page emphasizes the threat of data exposure and features a link to the published data, along with a screenshot illustrating the leak. No additional details about the specific type of data or extent of the breach are provided beyond the claim of thousands of records. The attack underscores the vulnerability of educational institutions to cyber threats and the importance of robust cybersecurity measures.