Ransomware Group: QILIN

VICTIM NAME: City of Green River

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware incident involved the City of Green River, located in Utah, a municipality responsible for providing community services, recreation, events, and government information to residents, visitors, and local employees. The breach was discovered and publicly announced on July 15, 2025, revealing that sensitive data and internal information may have been compromised. The attack was attributed to the threat group known as “qilin,” which is associated with critical cyberattacks targeting public sector entities. The leak page includes a screenshot of what appears to be internal documents or administrative interfaces, suggesting potential exposure of local government operations and sensitive community data. The criminal group has issued a claim and provided a link for potential data recovery or negotiations.

The incident’s details, including the attack date and the threat actor, indicate that the city’s systems were targeted to disrupt public services and possibly access municipal data. The leak page does not reveal specific information about the data stolen or the scope of the breach but highlights the seriousness of the attack on a public sector entity. The use of a dark web claim URL suggests ongoing criminal activities related to the incident, with potential data leaks or ransom demands. The included screenshot provides visual confirmation of compromised internal interfaces, but no explicit sensitive personal or PII information is visible in the publicly shared preview. Authorities and cybersecurity teams are likely investigating the incident to mitigate further impact.