Ransomware Group: QILIN

VICTIM NAME: ferrocortes

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a Colombian company specializing in high-quality steel solutions for industrial applications. The victim, identified as Ferrocortes S.A.S, is known for providing customized steel products such as sheets and profiles to various sectors, including heavy machinery and mining industries. The breach was publicly disclosed on August 6, 2025, indicating a recent compromise. The page includes a screenshot of internal data, emphasizing the seriousness of the incident. The attackers claim to have exfiltrated sensitive information, with a dedicated claim URL provided for verification. The compromise affects the company’s online presence and operational security, although specific details about the nature of the stolen data are not publicly disclosed. As the attack was publicly announced, further investigation into the scope may be necessary to determine the full impact on the organization’s internal systems and client data.

The leak page features a link to a secure Tor-based site where the data purportedly resides. It also displays a screenshot illustrating some internal material, which may include confidential documents or administrative information. The targeted company operates within the manufacturing sector in Colombia, with no immediate indication of other affected entities. No contact or PII details are visible on the leak page, adhering to security and privacy guidelines. The incident underscores the ongoing risks faced by industrial manufacturers from advanced ransomware groups, highlighting the importance of robust cybersecurity measures. Additional analysis may be required to evaluate the potential fallout and remediation steps necessary to mitigate further damage.