Ransomware Group: QILIN

VICTIM NAME: Inotiv, Inc

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 11, 2025, a leak page associated with the ransomware group Qilin claims to have compromised Inotiv, Inc., a United States–based, publicly traded contract research organization (CRO) that provides nonclinical and analytical drug discovery and development services to the pharmaceutical and medical device industries. The post frames the incident as a data-leak event rather than a traditional encryption breach and asserts that a substantial volume of Inotiv’s research data from the past decade has been made publicly accessible. The leaked archive is described as containing development and testing information for dozens of drugs, suggesting a broad exfiltration of sensitive research material. The page warns that the public release could lead to contract terminations and fines running into hundreds of millions of dollars and would inflict significant reputational and financial damage on the company. Notably, no explicit ransom amount is disclosed within the available excerpt; the emphasis is on data exfiltration and public disclosure rather than a stated monetary demand.

The leak page notes the presence of multiple visual attachments—12 images—that appear to be screenshots of internal documents or related graphics intended to illustrate the alleged data loss. These images are described in general terms, with no detailed summaries provided for their contents. The post also mentions a claims URL and includes metadata that lists contact-related fields (redacted for privacy) such as a Jabber handle and a Tox fingerprint, along with a redacted FTP credential, though the sensitive details themselves are not displayed in the summarized text. A compromise date of August 11, 2025 is indicated on the page, consistent with the overall leak narrative. The presentation aligns with common ransomware leak-page patterns that emphasize data exposure and potential consequences to the victim’s operations, rather than focusing on encryption of systems alone.