Ransomware Group: QILIN

VICTIM NAME: liabergamo[.]it

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak entry for the victim liabergamo[.]it is dated 2025-08-11. The post is attributed to the threat actor group qilin and describes liabergamo[.]it as the victim. The narrative presents a broad union of businessmen from Bergamo and other Italian cities that purportedly threatens the existence of dozens of Italian companies. According to the post, this association aimed to unite business leaders to sell them labor-relations services, implying an extortion or intimidation motive rather than a conventional encryption event. The victim’s industry is not listed in the data (Not Found), and no ransom amount is stated in the available metadata. The page indicates a claim URL (defanged) as part of the data-leak/extortion framing. The post also notes that 11 image attachments are present, described in the metadata as screenshots or internal-document previews.

The leaked page includes an excerpt that references contact channels and some credentials, but any PII is redacted in the supplied data. The 11 images appear to be onion-hosted previews of internal materials; their exact contents are not described here. No explicit compromise date is provided beyond the post date, so the 2025-08-11 date is treated as the post date for the leak entry. The overall presentation aligns with a data-exfiltration/extortion narrative rather than a pure encryption incident, and there is no published ransom figure in the information provided.