Ransomware Group: QILIN

VICTIM NAME: Estes Forwarding Worldwide

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Estes Forwarding Worldwide, a prominent logistics and freight forwarding company based in Richmond, Virginia, United States. The breach was publicly disclosed on June 23, 2025, approximately hours after the attack was identified. The leak indicates that the threat actors targeted the company’s operations, potentially compromising sensitive logistical information. The publicly available screenshot suggests that internal documents, which may include organizational details, have been accessed or leaked. No specific sensitive data such as personal identifiers or client information appears to be explicitly disclosed in the available summary, but the leak underscores the importance of cybersecurity measures in critical transportation infrastructure. Download links or claimed data exfiltration are referenced but not detailed here, emphasizing the need for ongoing investigation. The incident highlights the vulnerabilities faced by major logistics providers in the digital age. The breach is associated with a group named ‘qilin,’ which could imply a coordinated cyber threat activity. The page offers a link to detailed information, coupled with visual evidence of the breach’s impact on the targeted organization.

The attack’s discovery date coincides with the public announcement, suggesting a swift response to the incident. Although specific technical details of the breach are not included in the summary, the presence of a screenshot indicates that internal documents or communications may have been exposed. The attack does not specify whether it involved data theft, encryption, or system disruption, but the leak points to a significant security event. Given the company’s sector and the nature of the attack, there is potential risk for operational delays and data compromise affecting supply chains. The URL provided links to a concealed onion site for further details, consistent with dark web leak portals. This incident exemplifies the persistent cyber risks facing logistics and transportation entities worldwide, reinforcing the importance of proactive cybersecurity strategies.