Ransomware Group: QILIN

VICTIM NAME: gibbswire[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 25, 2025, a ransomware leak page associated with gibbswire[.]com was published by the threat group Qilin. The page presents Gibbs Interwire, a US-based manufacturer described as a leading processor and distributor of strip coil and wire products across stainless steel, carbon steel, nickel alloys, and red metals, as a victim of a ransomware intrusion. The post frames the incident as a data exfiltration event rather than a straightforward encryption, and the date shown corresponds to the public disclosure of the materials. The leak page indicates a claim URL, suggesting the attackers offer a way to verify or publicize their claims, a pattern common to data-leak extortion campaigns. The page also features a gallery of 11 image attachments, which appear to be internal documents or related visuals hosted on a Tor onion service. The dataset does not provide an explicit ransom amount, with the income_or_ransom field left empty.

The body excerpt and metadata reference attacker contact channels (a Jabber handle and a TOX fingerprint), but the actual contact details are redacted in the supplied data. An FTP address is also cited in the excerpt, though its specifics are likewise redacted. The content is in English and identifies gibbswire[.]com as a US manufacturing company, consistent with Gibbs Interwire’s described business. The presence of 11 image attachments and a claim URL aligns with ransomware-leak patterns that showcase stolen material and public claims, though there is no explicit ransom figure stated in the provided data. The post date remains August 25, 2025, which serves as the published date for this leak entry and indicates the timing of the disclosure rather than a confirmed compromise date. The leak is associated with the Qilin group, as reflected by the metadata.