[QILIN] – Ransomware Victim: Lipapromet
Ransomware Group: QILIN
VICTIM NAME: Lipapromet
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
Lipapromet, a Croatian LED lighting solutions provider founded in Zagreb in 1990, is presented as a victim on a ransomware leak page dated 2025-10-06. The post frames the incident as a data-leak event, asserting that confidential information has been exfiltrated and could be released publicly. It cites Lipapromet’s 2024 revenue as €31,728,953 and notes that the company has operated at a profit for the past two years. The leaked materials are described as internal accounting records, contracts, credit obligations, and personal information about employees. The page opens with the line “is there light at the end of the tunnel?” signaling Lipapromet’s victim status. The content centers on Lipapromet; other company names mentioned in the page text are not the focus of this summary.
The leak page includes 25 images, described as screenshots of internal documents or related materials; the exact contents of these images are not detailed in the public text. In addition to the image attachments, the page lists attacker contact options, including a Jabber address (the address is redacted in this summary as [REDACTED_EMAIL]) and an FTP login line with credentials (also redacted for safety). A claim URL is indicated on the page, suggesting a route to view or obtain the data. No ransom figure is provided in the dataset. The post date is 2025-10-06, and there is no explicit compromise date stated, so the published date is treated as the post date. The material aligns with typical ransomware data-leak tactics intended to pressure the victim with exposed internal documents.