Ransomware Group: QILIN

VICTIM NAME: Ridewill SRL

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page details a recent cyberattack targeting Ridewill SRL, a company specializing in sports merchandise within the cycling sector. The attack was discovered on July 7, 2025, and involves the breach of the company’s network, which is part of a larger operation conducted by the threat group known as “qilin.” The breach has resulted in the theft of significant data, which has been leaked on the dark web as evidence of the compromise. The company is based in Italy, and the attack impacts their logistics and retail operations within the transportation and logistics industry. The leak includes a screenshot of internal documents and indicates the availability of stolen data for download, potentially including customer and employee information.

The leak features details on a variety of infostealers used in the attack, including tools such as Raccoon, RedLine, and Lumma, which may be associated with credential theft and data exfiltration. Notably, the breach has resulted in the exposure of over a thousand users’ data, with the attacker’s update timestamp indicating ongoing activity. A link to the leak’s detailed page and a dark web address are provided for further investigation. The incident underscores the severity of cybersecurity threats faced by companies in the transportation and retail sectors, emphasizing the importance of robust security measures to prevent such breaches. The attack appears to be targeted and possibly motivated by financial gain, with threats of further data exposure if demands are not met.

The breach highlights vulnerabilities in company security infrastructure, especially in networks handling sensitive customer and business data. The leak includes visual evidence such as screenshots of internal systems, and the threat actors have made available a claim URL on the dark web. Although specific sensitive details have been redacted here, the sizable data theft underscores the need for organizations to ensure best practices in cybersecurity, including regular audits, staff training, and comprehensive incident response plans. This case serves as a stark reminder for other firms in the supply chain and logistics sectors to fortify their defenses against evolving cyber threats.