Ransomware Group: QILIN

VICTIM NAME: knightknox

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to a Manchester-based property investment company operating in the UK, with a history spanning two decades. The attack was publicly disclosed on July 4, 2025, and involves a data breach affecting the company’s digital infrastructure. The ransom group responsible appears to be associated with the threat actor group “Qilin,” which utilizes various infostealers such as Azorult, RedLine, StealC, and Vidar to compromise and exfiltrate sensitive data from victims. The breach has been publicly documented, and a screenshot of the affected site is available, illustrating the attack’s impact and potential data leaks.

The leak page indicates that the compromised data may include confidential information related to the company’s operations. Although specific sensitive details are not disclosed in the summary, the presence of multiple infostealer tools suggests that attackers exploited malware to extract user data, security credentials, and other internal information. The attack aligns with a recent trend of cybercriminal groups targeting organizations in the property and real estate sectors to maximize ransom revenue. While the breach details and evidence are publicly accessible via the listed URL, no personally identifiable information (PII) or customer data is explicitly revealed here. Additional visuals, such as screenshots, highlight the attack’s scope and the breach’s potential operational impact.