Ransomware Group: QILIN

VICTIM NAME: nexa[.]bb

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a professional services firm headquartered in Barbados, operating under the domain nexa.bb. The company specializes in accounting, advisory, auditing, consulting, corporate, and tax services, emphasizing strong client relationships. The attack date is recorded as July 11, 2025, indicating when the breach occurred, while the leak was discovered the following day. The page contains a screenshot showing internal documents or data related to the victim. Although specific details about the compromised information are not provided, the leak might include sensitive business data, confidential files, or internal communications. The leak is associated with the group known as “qilin,” which is known for cyber extortion campaigns.

Additional details include a link to the leak’s claim URL, which leads to an onion site likely hosting the stolen data or further information. Despite the absence of explicit data or the number of files leaked, the publication indicates a data breach significant enough to warrant public exposure. The victim’s industry remains unspecified, and the leak site does not reveal specific compromised data. The screenshot available suggests there may be visual evidence of the internal data leak, often used by attackers to demonstrate access or the severity of the breach. This incident underscores the ongoing threat posed by ransomware groups targeting organizations across various sectors worldwide.