Ransomware Group: QILIN

VICTIM NAME: BALNEARIO DE MONDARIZ

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a hospitality and tourism establishment located in Galicia, Spain, known as ‘El Balneario de Mondariz.’ This facility is a comprehensive resort featuring 194 rooms, a modern thermal spa utilizing mineral waters, a large spa center called ‘Palacio del Agua’ spanning 3,000 square meters, an 18-hole golf course, and additional amenities. The incident was discovered on July 24, 2025, and the attack date is recorded as July 24, 2025. The page includes a screenshot of the compromised system, indicating potential data breaches or leaks involving the victim. The leak appears to be part of a campaign by the group ‘qilin,’ and the details emphasize the impact on the hotel’s operations and client data security.

The leak page suggests the release of sensitive data or internal information, possibly including confidential business details or customer records. No specific PII is displayed in the excerpt, maintaining privacy standards. The information available indicates that the attack could potentially affect the establishment’s reputation and operations, with possible data exposure accessible through the provided claim URL (via dark web). The presence of a screenshot highlights the severity of the breach, with visual evidence of internal contents. The incident underscores ongoing cybersecurity risks faced by hospitality enterprises, especially those with extensive guest and operational data stored digitally.