Ransomware Group: QILIN

VICTIM NAME: www[.]auto-bernhard[.]at

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 30, 2025, a ransomware leak post associated with the victim domain www[.]auto-bernhard[.]at appeared. The victim operates in the Transportation/Logistics sector and is listed with an Austria (AT) designation. The post describes a data-leak incident, asserting that a global data leak has exposed the personal data of all its customers. A claim URL is indicated on the leak page, intended for ransom negotiations, though the exact URL is not included in this summary. The page contains 15 images that appear to be screenshots of internal documents or related materials. Because the dataset does not provide a distinct compromise date, the post date of September 30, 2025 is treated as the publication date for the leak. The summary preserves the victim_name as the primary identifier and does not mention other firms named in the leak text.

From the available excerpt, the attackers claim that the leaked material includes personal data for all customers, and the description implies a potential reputational impact for the victim. The breach is described in terms of data exfiltration and public leakage rather than a straightforward encryption event. The sanitized data references contact handles and file-transfer credentials, but such details are redacted in the provided data. No explicit ransom amount is stated in the visible portion of the leak, and no additional downloadable payload is noted beyond the 15 images. The page’s presentation aligns with common ransomware-leak patterns that accompany data exfiltration announcements and the possible public release of stolen material.